1d4342cf02142227e7fa3437f4ee06ed4ef3d59a136eb2fb4e657e1bd782361f (SHA256)
symnfa.exe
Windows Exe (x86-32)
Created at 2019-02-27 00:28:00
Notifications (2/4)
Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
The overall sleep time of all monitored processes was truncated from "32 minutes, 5 seconds" to "7 minutes" to reveal dormant functionality.
Monitored Processes
Behavior Information - Sequential View
Process #1: symnfa.exe
39
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\ciihmnxmn6ps\desktop\symnfa.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\Desktop\symnfa.exe" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:29, Reason: Analysis Target |
| Unmonitor | End Time: 00:01:53, Reason: Self Terminated |
| Monitor Duration | 00:00:24 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xebc |
| Parent PID | 0x57c (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
EC0
0x
EC4
0x
98C
0x
A70
0x
54C
0x
87C
0x
910
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000b80000 | 0x00b80000 | 0x00b9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000b80000 | 0x00b80000 | 0x00b8ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000b90000 | 0x00b90000 | 0x00b93fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000bb0000 | 0x00bb0000 | 0x00bc3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00c0ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000c10000 | 0x00c10000 | 0x00d0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000d10000 | 0x00d10000 | 0x00d13fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d21fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000d30000 | 0x00d30000 | 0x00d30fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000d40000 | 0x00d40000 | 0x00d40fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000d50000 | 0x00d50000 | 0x00d50fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d6ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00d70000 | 0x00e2dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000e30000 | 0x00e30000 | 0x00e6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000e70000 | 0x00e70000 | 0x00e70fff | Pagefile Backed Memory | r |
|
|
|
- |
| cversions.2.db | 0x00e80000 | 0x00e83fff | Memory Mapped File | r |
|
|
|
- |
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000013.db | 0x00e90000 | 0x00ed2fff | Memory Mapped File | r |
|
|
|
- |
| symnfa.exe | 0x00ee0000 | 0x00f51fff | Memory Mapped File | rwx |
|
|
|
|
| private_0x0000000000f60000 | 0x00f60000 | 0x0105ffff | Private Memory | rw |
|
|
|
- |
| oleaut32.dll | 0x01060000 | 0x010f0fff | Memory Mapped File | r |
|
|
|
- |
| cversions.2.db | 0x01060000 | 0x01063fff | Memory Mapped File | r |
|
|
|
- |
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db | 0x01070000 | 0x010fafff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000001100000 | 0x01100000 | 0x011fffff | Private Memory | rw |
|
|
|
- |
| propsys.dll.mui | 0x01200000 | 0x01210fff | Memory Mapped File | r |
|
|
|
- |
| cversions.1.db | 0x01220000 | 0x01223fff | Memory Mapped File | r |
|
|
|
- |
| windows.storage.dll.mui | 0x01220000 | 0x01227fff | Memory Mapped File | r |
|
|
|
- |
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db | 0x01230000 | 0x01242fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000001250000 | 0x01250000 | 0x01250fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000001260000 | 0x01260000 | 0x0129ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000012a0000 | 0x012a0000 | 0x012dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000012e0000 | 0x012e0000 | 0x0131ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001320000 | 0x01320000 | 0x0132ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001330000 | 0x01330000 | 0x014b7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000014c0000 | 0x014c0000 | 0x01640fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001650000 | 0x01650000 | 0x02a4ffff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x02a50000 | 0x02d86fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002d90000 | 0x02d90000 | 0x02edffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002d90000 | 0x02d90000 | 0x02e8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002e90000 | 0x02e90000 | 0x02ecffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002ed0000 | 0x02ed0000 | 0x02edffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002ee0000 | 0x02ee0000 | 0x02fdffff | Private Memory | rw |
|
|
|
- |
| shell32.dll.mui | 0x02fe0000 | 0x03040fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000003050000 | 0x03050000 | 0x0314ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003150000 | 0x03150000 | 0x0324ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003250000 | 0x03250000 | 0x0328ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003290000 | 0x03290000 | 0x0338ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000003390000 | 0x03390000 | 0x03390fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000033a0000 | 0x033a0000 | 0x033a3fff | Private Memory | rw |
|
|
|
- |
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x74020000 | 0x742e0fff | Memory Mapped File | rwx |
|
|
|
- |
| urlmon.dll | 0x742f0000 | 0x7444ffff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x74450000 | 0x7447efff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x74480000 | 0x7449afff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x744a0000 | 0x744b2fff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x744c0000 | 0x74601fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74630000 | 0x746a4fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x746b0000 | 0x74740fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74750000 | 0x747a8fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x747b0000 | 0x747b9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x747c0000 | 0x747ddfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x74a00000 | 0x74aabfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x74ab0000 | 0x74abbfff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x74da0000 | 0x74de3fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x74df0000 | 0x74f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x74f10000 | 0x74f3afff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75030000 | 0x7517cfff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x75180000 | 0x7518efff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75310000 | 0x766cefff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x76790000 | 0x76c6cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76c70000 | 0x76daffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x76fe0000 | 0x77061fff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x77080000 | 0x770b5fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x770d0000 | 0x77161fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x77170000 | 0x77259fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x77260000 | 0x772a3fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x772b0000 | 0x772f2fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x77300000 | 0x7738cfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x77390000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x77550000 | 0x775cafff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| sysmain.sdb | 0x7fae0000 | 0x7fb4cfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000007fb54000 | 0x7fb54000 | 0x7fb56fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fb57000 | 0x7fb57000 | 0x7fb59fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fb5a000 | 0x7fb5a000 | 0x7fb5cfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fb5d000 | 0x7fb5d000 | 0x7fb5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007fb60000 | 0x7fb60000 | 0x7fc5ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007fc60000 | 0x7fc60000 | 0x7fc82fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007fc85000 | 0x7fc85000 | 0x7fc87fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fc88000 | 0x7fc88000 | 0x7fc8afff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fc8b000 | 0x7fc8b000 | 0x7fc8dfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fc8e000 | 0x7fc8e000 | 0x7fc8efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fc8f000 | 0x7fc8f000 | 0x7fc8ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffc57b4ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\users\Public\MKSMD.exe | 203.00 KB |
MD5:
fed812eac63187fd833d77acf11857e2
SHA1: ac1e57c6a7f87ac020fa6c7946a2762fe9a472ff SHA256: 5c09c6a785461f9004c08455664187a1d6f668aff3bb46ec19a113605cff8933 SSDeep: 1536:yknrSbkoDRU6XSE+puj9kV5PKViOeEG3+U9EgIbsW9d7B9dlq4PQUfy28fZO:Wkoy6CE+46IViyG3+Um19Vw4oUfCZO |
|
|
Threads
Thread 0xec0
39
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x75190000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = InitializeCriticalSectionEx, address_out = 0x75243ae0 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x75190000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsAlloc, address_out = 0x75246530 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsSetValue, address_out = 0x75243770 |
|
1 | |
| Module | Load | module_name = advapi32, base_address = 0x77550000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EventRegister, address_out = 0x776e0a90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EventSetInformation, address_out = 0x77710a90 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x75190000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = InitializeCriticalSectionEx, address_out = 0x75243ae0 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x75190000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsAlloc, address_out = 0x75246530 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsGetValue, address_out = 0x7523a7b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsSetValue, address_out = 0x75243770 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Load | module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x75190000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = LCMapStringEx, address_out = 0x75233690 |
|
1 | |
| Module | Get Filename | process_name = c:\users\ciihmnxmn6ps\desktop\symnfa.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\symnfa.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\users\ciihmnxmn6ps\desktop\symnfa.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\symnfa.exe, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\users\ciihmnxmn6ps\desktop\symnfa.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\symnfa.exe, size = 500 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| System | Get Time | type = Ticks, time = 127656 |
|
1 | |
| File | Create | filename = C:\users\Public\MKSMD.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 3500 milliseconds (3.500 seconds) |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x74f40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x74f596e0 |
|
1 | |
| File | Write | filename = C:\users\Public\MKSMD.exe, size = 207872 |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Process | Create | process_name = C:\users\Public\MKSMD.exe, show_window = SW_HIDE |
|
1 | |
| Module | Get Filename | process_name = c:\users\ciihmnxmn6ps\desktop\symnfa.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\symnfa.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\desktop\symnfa.exe, base_address = 0xee0000 |
|
2 | |
| Module | Load | module_name = api-ms-win-appmodel-runtime-l1-1-1, base_address = 0x74ab0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel.appcore.dll, function = GetCurrentPackageId, address_out = 0x74ab2c80 |
|
1 | |
| Module | Get Handle | module_name = mscoree.dll |
|
1 |
Process #2: mksmd.exe
59698
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\users\public\mksmd.exe |
| Command Line | "C:\users\Public\MKSMD.exe" C:\Users\CIiHmnxMn6Ps\Desktop\symnfa.exe |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:49, Reason: Child Process |
| Unmonitor | End Time: 00:05:22, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:33 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x52c |
| Parent PID | 0xebc (c:\users\ciihmnxmn6ps\desktop\symnfa.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6B4
0x
564
0x
C24
0x
C28
0x
A5C
0x
C2C
0x
A10
0x
C74
0x
C7C
0x
D28
0x
C88
0x
E8C
0x
90C
0x
F08
0x
F2C
0x
EEC
0x
E14
0x
E10
0x
E1C
0x
E28
0x
F6C
0x
FB8
0x
F74
0x
628
0x
EF4
0x
114
0x
F28
0x
F24
0x
F10
0x
F1C
0x
FFC
0x
F20
0x
F30
0x
F14
0x
F0C
0x
C1C
0x
FCC
0x
FDC
0x
FD0
0x
FD4
0x
FE8
0x
DA8
0x
DA4
0x
DA0
0x
D9C
0x
D94
0x
D98
0x
D88
0x
224
0x
304
0x
318
0x
34C
0x
338
0x
320
0x
274
0x
98C
0x
FA8
0x
36C
0x
F68
0x
F60
0x
56C
0x
5E4
0x
578
0x
580
0x
5CC
0x
5D8
0x
C18
0x
B74
0x
F70
0x
46C
0x
950
0x
AE0
0x
B40
0x
9B8
0x
B90
0x
BA4
0x
9B4
0x
8E0
0x
B60
0x
84C
0x
8D4
0x
958
0x
BA8
0x
B70
0x
BAC
0x
7A4
0x
53C
0x
E40
0x
8AC
0x
200
0x
454
0x
7A0
0x
418
0x
718
0x
510
0x
F7C
0x
F80
0x
3DC
0x
F84
0x
A30
0x
888
0x
AC8
0x
C28
0x
D28
0x
C88
0x
C78
0x
CBC
0x
C70
0x
D8C
0x
CAC
0x
C44
0x
C58
0x
D58
0x
E50
0x
E3C
0x
E44
0x
E4C
0x
E5C
0x
E60
0x
E64
0x
D78
0x
E48
0x
E38
0x
88C
0x
ED8
0x
EC8
0x
290
0x
470
0x
ECC
0x
ED0
0x
EE4
0x
404
0x
530
0x
EF0
0x
EF8
0x
234
0x
798
0x
81C
0x
550
0x
554
0x
C38
0x
A58
0x
F40
0x
F44
0x
F48
0x
F54
0x
F58
0x
F4C
0x
F50
0x
F3C
0x
2E8
0x
F38
0x
378
0x
D44
0x
D40
0x
C80
0x
C40
0x
85C
0x
40
0x
60C
0x
4F8
0x
C4C
0x
C64
0x
900
0x
E8C
0x
DFC
0x
DEC
0x
DE4
0x
DE0
0x
DF8
0x
E04
0x
E08
0x
DE8
0x
E18
0x
DF0
0x
E00
0x
D90
0x
C94
0x
CA8
0x
C50
0x
C48
0x
D4C
0x
D54
0x
D64
0x
CA4
0x
C84
0x
D74
0x
D48
0x
C8C
0x
B64
0x
3A0
0x
51C
0x
61C
0x
204
0x
A84
0x
2BC
0x
B24
0x
D20
0x
8A0
0x
AEC
0x
2F4
0x
270
0x
EC
0x
C14
0x
90C
0x
7C0
0x
EAC
0x
EA8
0x
EB8
0x
EB0
0x
E88
0x
E9C
0x
E84
0x
DD0
0x
EA4
0x
DDC
0x
63C
0x
820
0x
A68
0x
AE8
0x
7C8
0x
770
0x
76C
0x
7CC
0x
7BC
0x
BF8
0x
968
0x
5BC
0x
75C
0x
784
0x
DB8
0x
340
0x
434
0x
FF4
0x
C04
0x
82C
0x
764
0x
C98
0x
7D0
0x
93C
0x
940
0x
A2C
0x
AB0
0x
938
0x
4F0
0x
934
0x
DB4
0x
F2C
0x
C60
0x
F78
0x
D80
0x
F34
0x
E20
0x
E2C
0x
320
0x
EC0
0x
FA4
0x
EBC
0x
A70
0x
54C
0x
F64
0x
EC4
0x
87C
0x
FA0
0x
910
0x
FC4
0x
E54
0x
65C
0x
F9C
0x
D24
0x
A14
0x
A0C
0x
A24
0x
9F8
0x
B08
0x
F5C
0x
150
0x
FEC
0x
AE8
0x
528
0x
728
0x
610
0x
C04
0x
518
0x
490
0x
248
0x
AC4
0x
A38
0x
384
0x
B80
0x
7D4
0x
D68
0x
11C
0x
83C
0x
C30
0x
A1C
0x
F04
0x
7B4
0x
854
0x
CC0
0x
CA0
0x
EE0
0x
808
0x
7D8
0x
4D0
0x
774
0x
858
0x
8A8
0x
954
0x
7B0
0x
CB0
0x
D84
0x
E24
0x
EFC
0x
FF8
0x
780
0x
F94
0x
F00
0x
B7C
0x
EE8
0x
790
0x
A00
0x
1004
0x
1008
0x
100C
0x
1010
0x
1014
0x
1018
0x
101C
0x
1020
0x
1024
0x
1028
0x
102C
0x
1030
0x
1034
0x
1038
0x
103C
0x
1040
0x
1044
0x
1048
0x
104C
0x
1050
0x
1054
0x
1058
0x
105C
0x
1060
0x
1064
0x
1068
0x
106C
0x
1070
0x
1074
0x
1078
0x
1084
0x
1088
0x
108C
0x
1090
0x
1094
0x
1098
0x
109C
0x
10A0
0x
10A4
0x
10A8
0x
10AC
0x
10B0
0x
10B4
0x
10B8
0x
10BC
0x
10C0
0x
10C4
0x
10C8
0x
10CC
0x
10D0
0x
10D4
0x
10D8
0x
10DC
0x
10E0
0x
10E4
0x
10E8
0x
10EC
0x
10F0
0x
10F4
0x
10F8
0x
10FC
0x
1100
0x
1104
0x
1108
0x
110C
0x
1110
0x
1114
0x
1118
0x
111C
0x
1138
0x
1144
0x
1148
0x
114C
0x
1158
0x
115C
0x
1160
0x
1164
0x
1168
0x
116C
0x
1194
0x
1198
0x
119C
0x
11A0
0x
11A4
0x
11A8
0x
11AC
0x
11B0
0x
11B4
0x
11B8
0x
11BC
0x
11C0
0x
11C4
0x
11C8
0x
11CC
0x
11D0
0x
11D4
0x
11D8
0x
11DC
0x
11E0
0x
11E4
0x
11E8
0x
11EC
0x
11F0
0x
11F4
0x
11F8
0x
11FC
0x
1200
0x
1204
0x
1208
0x
120C
0x
1210
0x
1218
0x
121C
0x
1220
0x
1224
0x
1228
0x
122C
0x
1230
0x
1234
0x
1238
0x
123C
0x
1240
0x
1244
0x
1248
0x
124C
0x
1250
0x
1254
0x
1258
0x
125C
0x
1270
0x
1274
0x
1278
0x
127C
0x
1280
0x
1284
0x
1288
0x
128C
0x
1290
0x
129C
0x
12A0
0x
12A4
0x
12A8
0x
12AC
0x
12B0
0x
12B4
0x
12B8
0x
12C0
0x
12C8
0x
12CC
0x
12D0
0x
12D4
0x
12D8
0x
12DC
0x
12E0
0x
12E4
0x
12E8
0x
12F0
0x
12F4
0x
12FC
0x
1300
0x
1308
0x
130C
0x
131C
0x
1320
0x
1324
0x
1328
0x
132C
0x
1330
0x
1334
0x
133C
0x
1340
0x
1344
0x
1348
0x
1354
0x
1358
0x
135C
0x
1360
0x
1364
0x
1368
0x
136C
0x
1370
0x
1374
0x
1378
0x
137C
0x
1380
0x
1384
0x
1388
0x
138C
0x
1390
0x
1394
0x
1398
0x
139C
0x
13A0
0x
13AC
0x
13B0
0x
13B4
0x
13B8
0x
13BC
0x
13C0
0x
13C4
0x
13C8
0x
13CC
0x
13D0
0x
13D4
0x
13D8
0x
13DC
0x
13E0
0x
13E4
0x
13E8
0x
13EC
0x
13F0
0x
13F4
0x
13F8
0x
13FC
0x
1124
0x
1150
0x
112C
0x
107C
0x
1138
0x
113C
0x
1128
0x
1120
0x
117C
0x
118C
0x
1218
0x
1298
0x
B38
0x
E80
0x
E94
0x
208
0x
1FC
0x
2DC
0x
3D8
0x
344
0x
5E0
0x
8B0
0x
700
0x
584
0x
778
0x
95C
0x
830
0x
6EC
0x
64C
0x
634
0x
6FC
0x
72C
0x
3E4
0x
14C
0x
FC
0x
E0C
0x
126C
0x
12EC
0x
1338
0x
1268
0x
1174
0x
1184
0x
1214
0x
96C
0x
DD4
0x
368
0x
B68
0x
B18
0x
6A8
0x
DC4
0x
998
0x
1170
0x
13A8
0x
1190
0x
1180
0x
D6C
0x
984
0x
4F4
0x
9A4
0x
9A8
0x
9AC
0x
1178
0x
994
0x
9A0
0x
9C0
0x
9BC
0x
9C4
0x
9C8
0x
9D0
0x
B0C
0x
B34
0x
B1C
0x
9B0
0x
990
0x
B94
0x
99C
0x
B98
0x
B9C
0x
BB0
0x
BA0
0x
BB4
0x
BB8
0x
BBC
0x
BC0
0x
BC4
0x
BC8
0x
BCC
0x
BD0
0x
BD4
0x
BD8
0x
BDC
0x
BE0
0x
BE4
0x
BE8
0x
BEC
0x
BF0
0x
BF4
0x
C08
0x
BFC
0x
C10
0x
C20
0x
C54
0x
D70
0x
2E0
0x
1F4
0x
A90
0x
484
0x
C68
0x
1350
0x
13A4
0x
1264
0x
12C4
0x
134C
0x
1310
0x
12F8
0x
1260
0x
12BC
0x
1294
0x
69C
0x
5F0
0x
91C
0x
AB4
0x
508
0x
464
0x
440
0x
D30
0x
2C8
0x
B84
0x
45C
0x
C6C
0x
424
0x
DC8
0x
D50
0x
230
0x
C9C
0x
D5C
0x
CB8
0x
D38
0x
D34
0x
EDC
0x
1404
0x
1408
0x
140C
0x
1410
0x
1414
0x
1418
0x
141C
0x
1420
0x
1424
0x
1428
0x
142C
0x
1430
0x
1434
0x
1438
0x
143C
0x
1440
0x
1444
0x
1448
0x
144C
0x
1450
0x
1454
0x
1458
0x
145C
0x
1460
0x
1464
0x
1468
0x
146C
0x
1470
0x
1474
0x
1484
0x
1488
0x
148C
0x
1490
0x
1494
0x
1498
0x
149C
0x
14A0
0x
14A4
0x
14A8
0x
14AC
0x
14B0
0x
14B4
0x
14B8
0x
14BC
0x
14C0
0x
14C4
0x
14C8
0x
14CC
0x
14D0
0x
14D4
0x
14D8
0x
14DC
0x
14E0
0x
14E4
0x
14E8
0x
14EC
0x
14F0
0x
14F4
0x
14F8
0x
14FC
0x
1500
0x
1508
0x
150C
0x
151C
0x
1520
0x
1524
0x
1538
0x
153C
0x
1540
0x
1544
0x
1548
0x
154C
0x
1564
0x
1568
0x
156C
0x
1570
0x
1574
0x
1578
0x
157C
0x
1580
0x
1584
0x
1588
0x
158C
0x
1590
0x
1594
0x
1598
0x
159C
0x
15A0
0x
15A4
0x
15A8
0x
15AC
0x
15B0
0x
15B4
0x
15B8
0x
15BC
0x
15C0
0x
15C4
0x
15C8
0x
15CC
0x
15D0
0x
15D4
0x
15D8
0x
15DC
0x
15E0
0x
15E4
0x
15E8
0x
15EC
0x
15F0
0x
15F4
0x
15F8
0x
15FC
0x
1600
0x
1604
0x
1608
0x
160C
0x
1610
0x
1614
0x
1618
0x
161C
0x
1620
0x
1624
0x
1628
0x
162C
0x
1630
0x
1634
0x
1638
0x
163C
0x
1640
0x
1644
0x
1648
0x
164C
0x
1650
0x
1654
0x
1658
0x
1660
0x
1664
0x
1668
0x
166C
0x
1678
0x
167C
0x
1680
0x
1684
0x
1688
0x
168C
0x
1690
0x
1694
0x
16B0
0x
16B4
0x
16B8
0x
16BC
0x
16C0
0x
16C4
0x
16C8
0x
16CC
0x
16D0
0x
16D4
0x
16D8
0x
16DC
0x
16E0
0x
16E4
0x
16E8
0x
16EC
0x
16F0
0x
16F4
0x
16F8
0x
1700
0x
1704
0x
1708
0x
170C
0x
1710
0x
1714
0x
1718
0x
171C
0x
1720
0x
1724
0x
1728
0x
172C
0x
1734
0x
1738
0x
173C
0x
1740
0x
1744
0x
1748
0x
174C
0x
1750
0x
1758
0x
175C
0x
1760
0x
1764
0x
1768
0x
1774
0x
1778
0x
177C
0x
1780
0x
1784
0x
1788
0x
178C
0x
1790
0x
1794
0x
1798
0x
179C
0x
17A0
0x
17A4
0x
17A8
0x
17AC
0x
17B0
0x
17B4
0x
17B8
0x
17BC
0x
17C0
0x
17C4
0x
17C8
0x
17D0
0x
17D4
0x
17D8
0x
17DC
0x
17E0
0x
17E4
0x
17E8
0x
17EC
0x
17FC
0x
A94
0x
A34
0x
149C
0x
E68
0x
16A4
0x
169C
0x
16FC
0x
152C
0x
1698
0x
1554
0x
165C
0x
1528
0x
1560
0x
1550
0x
1530
0x
17CC
0x
1770
0x
1674
0x
176C
0x
16AC
0x
1754
0x
1670
0x
1730
0x
16A8
0x
16A0
0x
FB4
0x
648
0x
D1C
0x
D18
0x
D14
0x
D10
0x
D0C
0x
D08
0x
D04
0x
1660
0x
D00
0x
CFC
0x
CF8
0x
1804
0x
1808
0x
180C
0x
1810
0x
1814
0x
1818
0x
181C
0x
1820
0x
1824
0x
1828
0x
182C
0x
1830
0x
1834
0x
1838
0x
183C
0x
1840
0x
1844
0x
1848
0x
184C
0x
1850
0x
1854
0x
1858
0x
185C
0x
1860
0x
1864
0x
1868
0x
186C
0x
1870
0x
1874
0x
1878
0x
187C
0x
1880
0x
1884
0x
1888
0x
188C
0x
1890
0x
1894
0x
1898
0x
189C
0x
18A0
0x
18A4
0x
18A8
0x
18AC
0x
18B0
0x
18B4
0x
18B8
0x
18BC
0x
18C0
0x
18C4
0x
18C8
0x
18CC
0x
18D0
0x
18D4
0x
18D8
0x
18DC
0x
18E0
0x
18E4
0x
18E8
0x
18EC
0x
18F0
0x
18F4
0x
18F8
0x
18FC
0x
1900
0x
1904
0x
1908
0x
190C
0x
1910
0x
1914
0x
1918
0x
191C
0x
1920
0x
1924
0x
1928
0x
192C
0x
1930
0x
1934
0x
1938
0x
1940
0x
1944
0x
1948
0x
194C
0x
1950
0x
1954
0x
1958
0x
195C
0x
1978
0x
197C
0x
1980
0x
1984
0x
1988
0x
198C
0x
1990
0x
1998
0x
199C
0x
19A0
0x
19A4
0x
19A8
0x
19AC
0x
19B0
0x
19B4
0x
19B8
0x
19BC
0x
19C0
0x
19C4
0x
19C8
0x
19CC
0x
19D0
0x
19D4
0x
19D8
0x
19DC
0x
19E0
0x
19E4
0x
19EC
0x
19F0
0x
19F4
0x
19F8
0x
19FC
0x
1A00
0x
1A04
0x
1A08
0x
1A0C
0x
1A10
0x
1A14
0x
1A18
0x
1A1C
0x
1A20
0x
1A24
0x
1A28
0x
1A2C
0x
1A30
0x
1A34
0x
1A38
0x
1A3C
0x
1A40
0x
1A44
0x
1A48
0x
1A4C
0x
1A50
0x
1A5C
0x
1A60
0x
1A64
0x
1A68
0x
1A6C
0x
1A70
0x
1A74
0x
1A78
0x
1A7C
0x
1A80
0x
1A84
0x
1A88
0x
1A8C
0x
1A90
0x
1A94
0x
1A98
0x
1A9C
0x
1AA0
0x
1AA4
0x
1AA8
0x
1AAC
0x
1AB0
0x
1AB4
0x
1AB8
0x
1ABC
0x
1AC0
0x
1AC4
0x
1AC8
0x
1ACC
0x
1AD0
0x
1AD4
0x
1AD8
0x
1ADC
0x
1AE0
0x
1AE4
0x
1AE8
0x
1AEC
0x
1AF0
0x
1AF4
0x
1AF8
0x
1AFC
0x
1B00
0x
1B04
0x
1B08
0x
1B10
0x
1B14
0x
1B18
0x
1B1C
0x
1B20
0x
1B24
0x
1B28
0x
1B2C
0x
1B30
0x
1B34
0x
1B38
0x
1B3C
0x
1B40
0x
1B44
0x
1B48
0x
1B4C
0x
1B50
0x
1B54
0x
1B58
0x
1B5C
0x
1B60
0x
1B64
0x
1B68
0x
1B6C
0x
1B70
0x
1B74
0x
1B78
0x
1B7C
0x
1B80
0x
1B84
0x
1B88
0x
1B8C
0x
1B90
0x
1B94
0x
1B98
0x
1B9C
0x
1BA0
0x
1BA4
0x
1BA8
0x
1BAC
0x
1BB0
0x
1BB4
0x
1BB8
0x
1BC8
0x
1BCC
0x
1BD0
0x
1BD4
0x
1BD8
0x
1BDC
0x
1BE0
0x
1BE4
0x
1BE8
0x
1BEC
0x
1BF0
0x
1BF4
0x
1BF8
0x
1BFC
0x
CCC
0x
CF4
0x
CF0
0x
CEC
0x
CE0
0x
CDC
0x
CD8
0x
CD4
0x
CD0
0x
1518
0x
1514
0x
147C
0x
1504
0x
155C
0x
1480
0x
1478
0x
1950
0x
196C
0x
E34
0x
1AF0
0x
1C04
0x
1C08
0x
1C0C
0x
1C10
0x
1C14
0x
1C18
0x
1C1C
0x
1C20
0x
1C24
0x
1C28
0x
1C2C
0x
1C30
0x
1C34
0x
1C38
0x
1C3C
0x
1C40
0x
1C44
0x
1C48
0x
1C4C
0x
1C50
0x
1C58
0x
1C5C
0x
1C60
0x
1C64
0x
1C68
0x
1C6C
0x
1C70
0x
1C74
0x
1C78
0x
1C7C
0x
1C80
0x
1C84
0x
1C88
0x
1C8C
0x
1C90
0x
1C94
0x
1C98
0x
1C9C
0x
1CA0
0x
1CA4
0x
1CA8
0x
1CAC
0x
1CB0
0x
1CB4
0x
1CB8
0x
1CBC
0x
1CC0
0x
1CC4
0x
1CC8
0x
1CCC
0x
1CD0
0x
1CD4
0x
1CD8
0x
1CDC
0x
1CE0
0x
1CE4
0x
1CE8
0x
1CEC
0x
1CF0
0x
1CF4
0x
1CF8
0x
1D00
0x
1D04
0x
1D08
0x
1D0C
0x
1D10
0x
1D14
0x
1D18
0x
1D1C
0x
1D20
0x
1D24
0x
1D28
0x
1D2C
0x
1D30
0x
1D34
0x
1D38
0x
1D3C
0x
1D40
0x
1D44
0x
1D48
0x
1D4C
0x
1D50
0x
1D54
0x
1D58
0x
1D5C
0x
1D60
0x
1D64
0x
1D68
0x
1D6C
0x
1D70
0x
1D74
0x
1D88
0x
1D8C
0x
1D90
0x
1D94
0x
1D98
0x
1D9C
0x
1DA0
0x
1DA4
0x
1DA8
0x
1DAC
0x
1DB0
0x
1DB4
0x
1DBC
0x
1DC0
0x
1DC4
0x
1DC8
0x
1DCC
0x
1DD0
0x
1DD4
0x
1DD8
0x
1DDC
0x
1DE0
0x
1DE4
0x
1DE8
0x
1DEC
0x
1DF0
0x
1DF4
0x
1DF8
0x
1DFC
0x
1E00
0x
1E04
0x
1E0C
0x
1E10
0x
1E14
0x
1E18
0x
1E1C
0x
1E20
0x
1E24
0x
1E28
0x
1E2C
0x
1E30
0x
1E34
0x
1E38
0x
1E3C
0x
1E40
0x
1E44
0x
1E48
0x
1E4C
0x
1E50
0x
1E54
0x
1E58
0x
1E5C
0x
1E60
0x
1E64
0x
1E68
0x
1E70
0x
1EA4
0x
1EA8
0x
1EAC
0x
1EB0
0x
1EB4
0x
1EB8
0x
1EBC
0x
1EC0
0x
1EC4
0x
1EC8
0x
1ECC
0x
1ED0
0x
1ED4
0x
1ED8
0x
1EDC
0x
1EE0
0x
1EE4
0x
1EE8
0x
1EEC
0x
1EF0
0x
1EF4
0x
1EF8
0x
1EFC
0x
1F00
0x
1F04
0x
1F08
0x
1F0C
0x
1F10
0x
1F14
0x
1F18
0x
1F1C
0x
1F20
0x
1F24
0x
1F28
0x
1F2C
0x
1F30
0x
1F34
0x
1F38
0x
1F3C
0x
1F40
0x
1F44
0x
1F48
0x
1F4C
0x
1F50
0x
1F54
0x
1F58
0x
1F5C
0x
1F60
0x
1F64
0x
1F68
0x
1F6C
0x
1F70
0x
1F74
0x
1F78
0x
1F7C
0x
1F80
0x
1F84
0x
1F88
0x
1F8C
0x
1F90
0x
1F98
0x
1F94
0x
1F9C
0x
1FA0
0x
1FA4
0x
1FA8
0x
1FAC
0x
1FB0
0x
1FCC
0x
1FD0
0x
1FD4
0x
1FD8
0x
1FDC
0x
1FE0
0x
1FE4
0x
1FE8
0x
1FEC
0x
1FF0
0x
1FF4
0x
1FF8
0x
1FFC
0x
CE4
0x
128
0x
1A58
0x
1BBC
0x
1964
0x
1974
0x
19E8
0x
1D80
0x
1D84
0x
1960
0x
1BC4
0x
1C54
0x
1D7C
0x
1D78
0x
1994
0x
1970
0x
CE8
0x
948
0x
193C
0x
420
0x
1E08
0x
1DB8
0x
17F4
0x
1534
0x
1558
0x
1B0C
0x
17F8
0x
8C0
0x
17F0
0x
9E8
0x
A88
0x
A18
0x
A20
0x
A28
0x
870
0x
9FC
0x
9F0
0x
A04
0x
84
0x
A9C
0x
AA0
0x
AA4
0x
AA8
0x
AAC
0x
AB8
0x
ABC
0x
AC0
0x
AF0
0x
AF8
0x
AFC
0x
B00
0x
B04
0x
B14
0x
B28
0x
A08
0x
A98
0x
1E70
0x
1E80
0x
E70
0x
1E6C
0x
FB0
0x
FC8
0x
FBC
0x
1E94
0x
5C0
0x
1E9C
0x
FAC
0x
1EA0
0x
1E78
0x
1E88
0x
1E98
0x
1E90
0x
1E8C
0x
1E84
0x
1E74
0x
1E7C
0x
1F98
0x
1FC0
0x
EA0
0x
1968
0x
1510
0x
1FB8
0x
1FC8
0x
1BC0
0x
8CC
0x
1A54
0x
1FC4
0x
1CFC
0x
1FB4
0x
1FBC
0x
DBC
0x
FD8
0x
ED4
0x
2004
0x
2008
0x
200C
0x
2010
0x
2014
0x
2018
0x
201C
0x
2020
0x
2024
0x
2028
0x
202C
0x
2030
0x
2034
0x
2038
0x
203C
0x
2040
0x
2044
0x
2048
0x
204C
0x
2050
0x
2054
0x
2058
0x
205C
0x
2060
0x
2064
0x
2068
0x
206C
0x
2070
0x
2074
0x
2078
0x
207C
0x
2080
0x
2084
0x
2088
0x
208C
0x
2090
0x
2094
0x
2098
0x
209C
0x
20A0
0x
20A4
0x
20A8
0x
20AC
0x
20B0
0x
20B4
0x
20B8
0x
20BC
0x
20C0
0x
20C4
0x
20C8
0x
20CC
0x
20D0
0x
20D4
0x
20D8
0x
20DC
0x
20E0
0x
20E4
0x
20E8
0x
20EC
0x
20F0
0x
20F4
0x
20F8
0x
20FC
0x
2100
0x
2104
0x
2108
0x
210C
0x
2110
0x
2114
0x
2118
0x
211C
0x
2120
0x
2124
0x
2128
0x
212C
0x
2130
0x
2134
0x
2138
0x
213C
0x
2140
0x
2144
0x
2148
0x
214C
0x
2150
0x
2154
0x
2158
0x
215C
0x
2160
0x
2164
0x
2168
0x
216C
0x
2170
0x
2174
0x
2178
0x
217C
0x
2180
0x
2184
0x
2188
0x
218C
0x
2190
0x
2194
0x
2198
0x
219C
0x
21A0
0x
21A4
0x
21A8
0x
21AC
0x
21B0
0x
21B4
0x
21B8
0x
21BC
0x
21C0
0x
21C4
0x
21C8
0x
21CC
0x
21D0
0x
21D4
0x
21D8
0x
21DC
0x
21E0
0x
21E4
0x
21F0
0x
21F4
0x
21F8
0x
21FC
0x
2200
0x
2204
0x
2208
0x
220C
0x
2210
0x
2214
0x
2218
0x
221C
0x
2220
0x
2224
0x
2228
0x
222C
0x
2230
0x
2234
0x
2238
0x
223C
0x
2240
0x
2244
0x
2248
0x
224C
0x
2250
0x
2254
0x
2258
0x
225C
0x
2260
0x
2264
0x
2268
0x
226C
0x
2270
0x
2274
0x
2278
0x
227C
0x
2280
0x
2284
0x
2288
0x
228C
0x
2290
0x
2294
0x
2298
0x
229C
0x
22A0
0x
22A4
0x
22A8
0x
22AC
0x
22B0
0x
22B4
0x
22B8
0x
22BC
0x
22C0
0x
22C4
0x
22C8
0x
22CC
0x
22D0
0x
22D4
0x
22D8
0x
22DC
0x
22E0
0x
22E4
0x
22E8
0x
22EC
0x
22F0
0x
22F4
0x
2300
0x
2304
0x
2308
0x
230C
0x
2310
0x
2314
0x
2318
0x
231C
0x
2320
0x
2324
0x
2328
0x
232C
0x
2338
0x
233C
0x
2340
0x
2344
0x
2348
0x
234C
0x
2350
0x
2354
0x
2358
0x
235C
0x
2360
0x
2364
0x
2368
0x
2370
0x
2374
0x
2378
0x
237C
0x
2380
0x
2384
0x
2388
0x
238C
0x
2390
0x
2394
0x
2398
0x
239C
0x
23A0
0x
23A8
0x
23AC
0x
23B0
0x
23B4
0x
23B8
0x
23BC
0x
23C0
0x
23C4
0x
23C8
0x
23CC
0x
23D0
0x
23D4
0x
23D8
0x
23DC
0x
23E0
0x
23E4
0x
23E8
0x
23EC
0x
23F0
0x
23F4
0x
23F8
0x
23FC
0x
E30
0x
874
0x
41C
0x
9F4
0x
2414
0x
2494
0x
2498
0x
249C
0x
24A0
0x
24A4
0x
24A8
0x
24AC
0x
24B0
0x
24B4
0x
24B8
0x
24BC
0x
24C0
0x
24C4
0x
24C8
0x
24CC
0x
24D0
0x
24D4
0x
24D8
0x
24DC
0x
24E0
0x
24E4
0x
24E8
0x
24EC
0x
24F0
0x
24F4
0x
24F8
0x
24FC
0x
2500
0x
2504
0x
2508
0x
250C
0x
2510
0x
2514
0x
2518
0x
251C
0x
2520
0x
2524
0x
2528
0x
252C
0x
2530
0x
2534
0x
2538
0x
253C
0x
2540
0x
2544
0x
2548
0x
254C
0x
2550
0x
2554
0x
2558
0x
255C
0x
2560
0x
2564
0x
2568
0x
256C
0x
2570
0x
2574
0x
2578
0x
257C
0x
2580
0x
2584
0x
2588
0x
258C
0x
2590
0x
2594
0x
2598
0x
259C
0x
25A0
0x
25A4
0x
25A8
0x
25AC
0x
25B0
0x
25B4
0x
25B8
0x
25BC
0x
25C0
0x
25C4
0x
25C8
0x
25CC
0x
25D0
0x
25D4
0x
25D8
0x
25DC
0x
25E0
0x
25E4
0x
25E8
0x
25EC
0x
25F0
0x
25F4
0x
25F8
0x
25FC
0x
2600
0x
2604
0x
2608
0x
260C
0x
2610
0x
2614
0x
2618
0x
261C
0x
2620
0x
2624
0x
2628
0x
262C
0x
2630
0x
2634
0x
2638
0x
263C
0x
2640
0x
2644
0x
2648
0x
264C
0x
2650
0x
2654
0x
2658
0x
265C
0x
2660
0x
2664
0x
2668
0x
266C
0x
2670
0x
2674
0x
2678
0x
267C
0x
2680
0x
2684
0x
2688
0x
268C
0x
2690
0x
2694
0x
2698
0x
269C
0x
26A0
0x
26A4
0x
26A8
0x
26AC
0x
26B0
0x
26B4
0x
26B8
0x
26BC
0x
26C0
0x
26C4
0x
26C8
0x
26CC
0x
26D0
0x
26D4
0x
26D8
0x
26DC
0x
26E0
0x
26E4
0x
26E8
0x
26EC
0x
26F0
0x
26F4
0x
26F8
0x
26FC
0x
2700
0x
2704
0x
2708
0x
270C
0x
2710
0x
2714
0x
2718
0x
271C
0x
2720
0x
2724
0x
2728
0x
272C
0x
2730
0x
2734
0x
2738
0x
273C
0x
2740
0x
2744
0x
2748
0x
274C
0x
2750
0x
2754
0x
2758
0x
275C
0x
2760
0x
2764
0x
2768
0x
276C
0x
2770
0x
2774
0x
2778
0x
277C
0x
2780
0x
2784
0x
2788
0x
278C
0x
2790
0x
2794
0x
2798
0x
279C
0x
27A0
0x
27A4
0x
27A8
0x
27AC
0x
27B0
0x
27B4
0x
27B8
0x
27BC
0x
27C0
0x
27C4
0x
27C8
0x
27CC
0x
27D0
0x
27D4
0x
27D8
0x
27DC
0x
27E0
0x
27E4
0x
27E8
0x
27EC
0x
27F0
0x
27F4
0x
27F8
0x
27FC
0x
2408
0x
240C
0x
22FC
0x
23A4
0x
2334
0x
2298
0x
236C
0x
2404
0x
22F8
0x
2330
0x
604
0x
2414
0x
2424
0x
243C
0x
2440
0x
241C
0x
242C
0x
2434
0x
2430
0x
2428
0x
2438
0x
2418
0x
2420
0x
2804
0x
2808
0x
280C
0x
2810
0x
2814
0x
2818
0x
281C
0x
2820
0x
2824
0x
2828
0x
282C
0x
2830
0x
2834
0x
2838
0x
283C
0x
2840
0x
2844
0x
2848
0x
284C
0x
2850
0x
2854
0x
2858
0x
285C
0x
2860
0x
2864
0x
2868
0x
286C
0x
2870
0x
2874
0x
2878
0x
287C
0x
2880
0x
2884
0x
2888
0x
2894
0x
2898
0x
289C
0x
28A0
0x
28A4
0x
28A8
0x
28AC
0x
28B0
0x
28B4
0x
28B8
0x
28BC
0x
28C0
0x
28C4
0x
28C8
0x
28CC
0x
28D0
0x
28D4
0x
28D8
0x
28E8
0x
28EC
0x
28F0
0x
28F4
0x
28F8
0x
28FC
0x
2904
0x
2908
0x
290C
0x
2910
0x
2914
0x
2918
0x
291C
0x
2920
0x
2924
0x
2928
0x
292C
0x
2930
0x
2934
0x
2938
0x
293C
0x
2940
0x
2944
0x
2948
0x
294C
0x
2950
0x
2954
0x
2958
0x
295C
0x
2960
0x
2964
0x
2968
0x
296C
0x
2970
0x
2974
0x
2978
0x
297C
0x
2980
0x
2984
0x
2988
0x
298C
0x
2994
0x
2998
0x
299C
0x
29A0
0x
29A4
0x
29A8
0x
29AC
0x
29B0
0x
29B4
0x
29B8
0x
29BC
0x
29C0
0x
29C4
0x
29C8
0x
29CC
0x
29D0
0x
29D4
0x
29D8
0x
29DC
0x
29E0
0x
29E4
0x
29E8
0x
29EC
0x
29F0
0x
29F4
0x
29F8
0x
29FC
0x
2A00
0x
2A04
0x
2A08
0x
2A0C
0x
2A10
0x
2A18
0x
2A1C
0x
2A20
0x
2A24
0x
2A28
0x
2A2C
0x
2A30
0x
2A34
0x
2A38
0x
2A3C
0x
2A40
0x
2A44
0x
2A48
0x
2A4C
0x
2A50
0x
2A54
0x
2A58
0x
2A5C
0x
2A60
0x
2A64
0x
2A68
0x
2A6C
0x
2A70
0x
2A7C
0x
2A80
0x
2A84
0x
2A88
0x
2A8C
0x
2A90
0x
2A94
0x
2A98
0x
2A9C
0x
2AA0
0x
2AA4
0x
2AA8
0x
2AAC
0x
2AB0
0x
2AB4
0x
2AB8
0x
2ABC
0x
2AC0
0x
2AC4
0x
2AC8
0x
2ACC
0x
2AD0
0x
2AD4
0x
2AD8
0x
2ADC
0x
2AF4
0x
2AF8
0x
2AFC
0x
2B00
0x
2B04
0x
2B08
0x
2B0C
0x
2B10
0x
2B14
0x
2B18
0x
2B1C
0x
2B20
0x
2B24
0x
2B28
0x
2B60
0x
2B64
0x
2B68
0x
2B6C
0x
2B70
0x
2B74
0x
2B78
0x
2B7C
0x
2B80
0x
2B84
0x
2B88
0x
2B8C
0x
2B90
0x
2B94
0x
2B98
0x
2B9C
0x
2BA0
0x
2BA4
0x
2BA8
0x
2BAC
0x
2BB0
0x
2BB4
0x
2BB8
0x
2BBC
0x
2BC0
0x
2BC4
0x
2BC8
0x
2BCC
0x
2BD0
0x
2BD4
0x
2BD8
0x
2BDC
0x
2BE0
0x
2BE4
0x
2BE8
0x
2BEC
0x
2BF0
0x
2BF4
0x
2BF8
0x
2BFC
0x
2428
0x
28E0
0x
2A7C
0x
7AC
0x
2AEC
0x
2A78
0x
2B30
0x
2890
0x
2900
0x
2A74
0x
2A14
0x
2990
0x
288C
0x
28E4
0x
2B4C
0x
28DC
0x
2B50
0x
2AE4
0x
2B34
0x
2B48
0x
2B44
0x
2B3C
0x
2AE0
0x
2B2C
0x
2AE8
0x
2B40
0x
2B54
0x
2B58
0x
2AF0
0x
2B5C
0x
2C04
0x
2C08
0x
2C0C
0x
2C10
0x
2C14
0x
2C18
0x
2C1C
0x
2C20
0x
2C24
0x
2C28
0x
2C2C
0x
2C30
0x
2C34
0x
2C38
0x
2C3C
0x
2C40
0x
2C44
0x
2C48
0x
2C4C
0x
2C50
0x
2C54
0x
2C58
0x
2C5C
0x
2C60
0x
2C64
0x
2C68
0x
2C6C
0x
2C70
0x
2C74
0x
2C78
0x
2C7C
0x
2C80
0x
2C84
0x
2C88
0x
2C8C
0x
2C90
0x
2C94
0x
2C98
0x
2C9C
0x
2CA0
0x
2CA4
0x
2CA8
0x
2CAC
0x
2CB0
0x
2CB4
0x
2CB8
0x
2CBC
0x
2CC0
0x
2CC4
0x
2CC8
0x
2CCC
0x
2CD0
0x
2CD4
0x
2CD8
0x
2CDC
0x
2CE0
0x
2CE4
0x
2CE8
0x
2CEC
0x
2CF0
0x
2CF4
0x
2CF8
0x
2CFC
0x
2D00
0x
2D04
0x
2D08
0x
2D0C
0x
2D10
0x
2D14
0x
2D18
0x
2D1C
0x
2D20
0x
2D24
0x
2D28
0x
2D2C
0x
2D30
0x
2D34
0x
2D38
0x
2D3C
0x
2D40
0x
2D44
0x
2D48
0x
2D4C
0x
2D50
0x
2D54
0x
2D58
0x
2D5C
0x
2D60
0x
2D64
0x
2D68
0x
2D6C
0x
2D70
0x
2D74
0x
2D78
0x
2D7C
0x
2D80
0x
2D84
0x
2D88
0x
2D8C
0x
2D90
0x
2D94
0x
2D98
0x
2D9C
0x
2DA0
0x
2DA4
0x
2DA8
0x
2DAC
0x
2DB0
0x
2DB4
0x
2DB8
0x
2DBC
0x
2DC0
0x
2DC4
0x
2DC8
0x
2DCC
0x
2DD0
0x
2DD4
0x
2DD8
0x
2DDC
0x
2DE0
0x
2DE4
0x
2DE8
0x
2DEC
0x
2DF0
0x
2DF4
0x
2DF8
0x
2DFC
0x
2E00
0x
2E04
0x
2E08
0x
2E0C
0x
2E10
0x
2E14
0x
2E18
0x
2E1C
0x
2E20
0x
2E24
0x
2E28
0x
2E2C
0x
2E30
0x
2E34
0x
2E38
0x
2E3C
0x
2E40
0x
2E44
0x
2E48
0x
2E4C
0x
2E50
0x
2E54
0x
2E58
0x
2E5C
0x
2E60
0x
2E64
0x
2E68
0x
2E6C
0x
2E70
0x
2E74
0x
2E78
0x
2E7C
0x
2E80
0x
2E84
0x
2E88
0x
2E8C
0x
2E90
0x
2E94
0x
2E98
0x
2E9C
0x
2EA0
0x
2EA4
0x
2EA8
0x
2EAC
0x
2EB0
0x
2EB4
0x
2EB8
0x
2EBC
0x
2EC0
0x
2EC4
0x
2EC8
0x
2ECC
0x
2ED0
0x
2ED4
0x
2ED8
0x
2EDC
0x
2EE0
0x
2EE4
0x
2EE8
0x
2EEC
0x
2EF0
0x
2EF4
0x
2EF8
0x
2EFC
0x
2F00
0x
2F04
0x
2F08
0x
2F0C
0x
2F10
0x
2F14
0x
2F18
0x
2F1C
0x
2F20
0x
2F24
0x
2F28
0x
2F2C
0x
2F30
0x
2F34
0x
2F38
0x
2F3C
0x
2F40
0x
2F44
0x
2F48
0x
2F4C
0x
2F50
0x
2F54
0x
2F58
0x
2F5C
0x
2F60
0x
2F64
0x
2F68
0x
2F6C
0x
2F70
0x
2F74
0x
2F78
0x
2F7C
0x
2F80
0x
2F84
0x
2F88
0x
2F8C
0x
2F90
0x
2F94
0x
2F98
0x
2F9C
0x
2FA0
0x
2FA4
0x
2FA8
0x
2FAC
0x
2FB0
0x
2FB4
0x
2FB8
0x
2FBC
0x
2FC0
0x
2FC4
0x
2FC8
0x
2FCC
0x
2FD0
0x
2FD4
0x
2FD8
0x
2FDC
0x
2FE0
0x
2FE4
0x
2FE8
0x
2FEC
0x
2FF0
0x
2FF4
0x
2FF8
0x
2FFC
0x
1140
0x
2490
0x
3004
0x
3008
0x
300C
0x
3010
0x
3014
0x
3018
0x
301C
0x
3020
0x
3024
0x
3028
0x
302C
0x
3030
0x
3034
0x
3038
0x
303C
0x
3040
0x
3044
0x
3048
0x
304C
0x
3050
0x
3054
0x
3058
0x
305C
0x
3060
0x
3064
0x
3068
0x
306C
0x
3070
0x
3074
0x
3078
0x
307C
0x
3080
0x
3084
0x
3088
0x
308C
0x
3090
0x
3094
0x
3098
0x
309C
0x
30A0
0x
30A4
0x
30A8
0x
30AC
0x
30B0
0x
30B4
0x
30B8
0x
30BC
0x
30C0
0x
30C4
0x
30C8
0x
30CC
0x
30D0
0x
30D4
0x
30D8
0x
30DC
0x
30E0
0x
30E4
0x
30E8
0x
30EC
0x
30F0
0x
30F4
0x
30F8
0x
30FC
0x
3100
0x
3104
0x
3108
0x
310C
0x
3110
0x
3114
0x
3118
0x
311C
0x
3120
0x
3124
0x
3128
0x
312C
0x
3130
0x
3134
0x
3138
0x
313C
0x
3140
0x
3144
0x
3148
0x
314C
0x
3150
0x
3154
0x
3158
0x
315C
0x
3160
0x
3164
0x
3168
0x
316C
0x
3170
0x
3174
0x
3178
0x
317C
0x
3180
0x
3184
0x
3188
0x
318C
0x
3190
0x
3194
0x
31A8
0x
31AC
0x
31B0
0x
31B4
0x
31B8
0x
31BC
0x
31C4
0x
31C8
0x
31CC
0x
31D0
0x
31D4
0x
31D8
0x
31DC
0x
31E4
0x
31E8
0x
31EC
0x
31F0
0x
31F4
0x
31F8
0x
31FC
0x
3200
0x
3204
0x
3208
0x
320C
0x
3210
0x
3214
0x
3218
0x
321C
0x
3220
0x
3224
0x
3228
0x
322C
0x
3230
0x
3234
0x
3238
0x
323C
0x
3240
0x
3244
0x
3248
0x
324C
0x
3250
0x
3254
0x
3258
0x
325C
0x
3260
0x
3264
0x
3268
0x
326C
0x
3270
0x
3274
0x
3278
0x
327C
0x
3280
0x
3284
0x
3288
0x
328C
0x
3290
0x
3294
0x
3298
0x
329C
0x
32A0
0x
32A4
0x
32A8
0x
32AC
0x
32B0
0x
32B4
0x
32B8
0x
32C0
0x
32C4
0x
32C8
0x
32D0
0x
32D4
0x
32D8
0x
32DC
0x
32E0
0x
32E4
0x
32E8
0x
32EC
0x
32F0
0x
32F4
0x
32F8
0x
32FC
0x
3300
0x
3304
0x
3308
0x
330C
0x
3310
0x
3314
0x
3318
0x
331C
0x
3328
0x
332C
0x
3330
0x
3334
0x
3338
0x
333C
0x
3340
0x
3344
0x
3348
0x
334C
0x
3350
0x
3354
0x
3358
0x
335C
0x
3360
0x
3364
0x
3368
0x
336C
0x
3370
0x
3374
0x
3378
0x
337C
0x
3380
0x
3384
0x
3388
0x
3394
0x
3398
0x
339C
0x
33A0
0x
33A4
0x
33A8
0x
33AC
0x
33B0
0x
33B4
0x
33B8
0x
33BC
0x
33C0
0x
33C4
0x
33C8
0x
33CC
0x
33D0
0x
33D4
0x
33D8
0x
33EC
0x
33F0
0x
33F4
0x
33F8
0x
33FC
0x
3194
0x
414
0x
D7C
0x
31A4
0x
5F8
0x
3338
0x
3404
0x
3408
0x
340C
0x
3410
0x
3414
0x
3418
0x
341C
0x
3420
0x
3424
0x
3428
0x
342C
0x
3430
0x
3434
0x
3438
0x
343C
0x
3440
0x
3444
0x
3448
0x
344C
0x
3450
0x
3454
0x
3458
0x
345C
0x
3464
0x
3468
0x
346C
0x
3470
0x
3474
0x
3478
0x
347C
0x
3480
0x
3484
0x
3488
0x
348C
0x
3490
0x
3494
0x
3498
0x
349C
0x
34A0
0x
34A4
0x
34A8
0x
34AC
0x
34B0
0x
34B4
0x
34B8
0x
34BC
0x
34C0
0x
34C4
0x
34C8
0x
34CC
0x
34D0
0x
34D4
0x
34D8
0x
34DC
0x
34E0
0x
34E4
0x
34E8
0x
34EC
0x
34F0
0x
34F4
0x
34F8
0x
34FC
0x
3500
0x
3504
0x
3508
0x
350C
0x
3510
0x
3514
0x
3518
0x
351C
0x
3520
0x
3524
0x
3528
0x
352C
0x
3530
0x
3534
0x
3538
0x
353C
0x
3540
0x
3544
0x
3548
0x
354C
0x
3550
0x
3554
0x
3558
0x
355C
0x
3560
0x
3564
0x
3568
0x
356C
0x
3570
0x
3574
0x
3578
0x
357C
0x
3580
0x
3584
0x
3588
0x
358C
0x
3590
0x
3594
0x
3598
0x
359C
0x
35A4
0x
35A8
0x
35AC
0x
35B0
0x
35B4
0x
35B8
0x
35BC
0x
35C0
0x
35C4
0x
35C8
0x
35CC
0x
35D0
0x
35D4
0x
35D8
0x
35DC
0x
35E0
0x
35E4
0x
35E8
0x
35EC
0x
35F0
0x
35F4
0x
35F8
0x
35FC
0x
3600
0x
3604
0x
3608
0x
360C
0x
3610
0x
3614
0x
3618
0x
361C
0x
3620
0x
3624
0x
3628
0x
362C
0x
3630
0x
3634
0x
3638
0x
363C
0x
3640
0x
3644
0x
3648
0x
364C
0x
3650
0x
3654
0x
3658
0x
365C
0x
3660
0x
3664
0x
3668
0x
366C
0x
3670
0x
3674
0x
3678
0x
367C
0x
3680
0x
3684
0x
3688
0x
368C
0x
3690
0x
3694
0x
3698
0x
369C
0x
36A0
0x
36A4
0x
36A8
0x
36AC
0x
36B0
0x
36B4
0x
36B8
0x
36BC
0x
36C0
0x
36C4
0x
36C8
0x
36CC
0x
36D0
0x
36D4
0x
36D8
0x
36DC
0x
36E4
0x
36E8
0x
36EC
0x
36F0
0x
36F4
0x
36F8
0x
36FC
0x
3700
0x
3704
0x
3708
0x
370C
0x
3710
0x
3714
0x
3718
0x
371C
0x
3720
0x
3724
0x
3728
0x
372C
0x
3730
0x
3734
0x
3738
0x
3744
0x
3748
0x
374C
0x
3750
0x
3754
0x
3758
0x
375C
0x
3760
0x
3764
0x
3768
0x
376C
0x
3770
0x
3774
0x
3778
0x
377C
0x
3780
0x
3784
0x
3788
0x
378C
0x
3790
0x
3794
0x
3798
0x
379C
0x
37A0
0x
37A4
0x
37A8
0x
37AC
0x
37B0
0x
37B4
0x
37B8
0x
37BC
0x
37C0
0x
37C4
0x
37C8
0x
37CC
0x
37D0
0x
37D4
0x
37D8
0x
37DC
0x
37E0
0x
37E4
0x
37E8
0x
37EC
0x
37F0
0x
37F4
0x
37F8
0x
37FC
0x
33E0
0x
3324
0x
33E4
0x
3320
0x
4B0
0x
C7C
0x
C74
0x
319C
0x
31E0
0x
32CC
0x
3198
0x
3804
0x
3808
0x
380C
0x
3810
0x
3814
0x
3818
0x
381C
0x
3820
0x
3824
0x
3828
0x
382C
0x
3830
0x
3834
0x
3838
0x
383C
0x
3840
0x
3844
0x
3848
0x
384C
0x
3850
0x
3854
0x
3858
0x
385C
0x
3864
0x
3868
0x
386C
0x
3870
0x
3874
0x
3878
0x
387C
0x
3880
0x
3884
0x
3888
0x
388C
0x
3890
0x
3894
0x
3898
0x
389C
0x
38A0
0x
38A4
0x
38A8
0x
38AC
0x
38B0
0x
38B4
0x
38B8
0x
38BC
0x
38C0
0x
38C4
0x
38C8
0x
38CC
0x
38D0
0x
38D4
0x
38D8
0x
38DC
0x
38E0
0x
38E4
0x
38E8
0x
38EC
0x
38F0
0x
38F4
0x
38F8
0x
38FC
0x
3900
0x
3904
0x
3908
0x
390C
0x
3910
0x
3914
0x
3918
0x
391C
0x
3920
0x
3924
0x
3928
0x
392C
0x
3930
0x
3934
0x
3938
0x
393C
0x
3940
0x
3944
0x
3948
0x
394C
0x
3950
0x
3954
0x
3958
0x
395C
0x
3960
0x
3964
0x
3968
0x
396C
0x
3970
0x
3974
0x
3978
0x
397C
0x
3980
0x
3984
0x
3988
0x
398C
0x
3990
0x
3994
0x
3998
0x
399C
0x
39A0
0x
39A4
0x
39A8
0x
39AC
0x
39B0
0x
39B4
0x
39B8
0x
39BC
0x
39C0
0x
39C4
0x
39C8
0x
39CC
0x
39D0
0x
39D4
0x
39D8
0x
39DC
0x
39E0
0x
39E4
0x
39E8
0x
39EC
0x
39F0
0x
39F4
0x
39F8
0x
39FC
0x
3A00
0x
3A04
0x
3A08
0x
3A0C
0x
3A10
0x
3A14
0x
3A18
0x
3A1C
0x
3A20
0x
3A24
0x
3A28
0x
3A2C
0x
3A30
0x
3A34
0x
3A38
0x
3A3C
0x
3A40
0x
3A44
0x
3A48
0x
3A4C
0x
3A50
0x
3A54
0x
3A58
0x
3A5C
0x
3A60
0x
3A64
0x
3A68
0x
3A6C
0x
3A70
0x
3A74
0x
3A78
0x
3A7C
0x
3A80
0x
3A84
0x
3A88
0x
3A8C
0x
3A90
0x
3A94
0x
3A98
0x
3A9C
0x
3AA0
0x
3AA4
0x
3AA8
0x
3AAC
0x
3AB0
0x
3AB4
0x
3AB8
0x
3ABC
0x
3AC0
0x
3AC4
0x
3AC8
0x
3ACC
0x
3AD0
0x
3AD4
0x
3AD8
0x
3ADC
0x
3AE0
0x
3AE4
0x
3AE8
0x
3AEC
0x
3AF0
0x
3AF4
0x
3AF8
0x
3AFC
0x
3B00
0x
3B04
0x
3B08
0x
3B0C
0x
3B10
0x
3B14
0x
3B18
0x
3B1C
0x
3B20
0x
3B24
0x
3B28
0x
3B2C
0x
3B30
0x
3B34
0x
3B38
0x
3B3C
0x
3B40
0x
3B44
0x
3B48
0x
3B4C
0x
3B50
0x
3B54
0x
3B58
0x
3B5C
0x
3B60
0x
3B64
0x
3B68
0x
3B6C
0x
3B70
0x
3B74
0x
3B78
0x
3B7C
0x
3B80
0x
3B84
0x
3B88
0x
3B8C
0x
3B90
0x
3B94
0x
3B98
0x
3B9C
0x
3BA0
0x
3BA4
0x
3BA8
0x
3BAC
0x
3BB0
0x
3BB4
0x
3BB8
0x
3BBC
0x
3BC0
0x
3BC4
0x
3BC8
0x
3BCC
0x
3BD0
0x
3BD4
0x
3BD8
0x
3BDC
0x
3BE0
0x
3BE4
0x
3BE8
0x
3BEC
0x
3BF0
0x
3BF4
0x
3BF8
0x
3BFC
0x
32BC
0x
31C0
0x
31A0
0x
2464
0x
2460
0x
28C
0x
868
0x
238
0x
930
0x
120
0x
314
0x
614
0x
928
0x
918
0x
A48
0x
43C
0x
F4
0x
478
0x
428
0x
3740
0x
DAC
0x
3390
0x
373C
0x
3460
0x
36E0
0x
338C
0x
35A0
0x
33E8
0x
33DC
0x
3C04
0x
3C08
0x
3C0C
0x
3C10
0x
3C14
0x
3C18
0x
3C1C
0x
3C20
0x
3C24
0x
3C28
0x
3C2C
0x
3C30
0x
3C34
0x
3C38
0x
3C3C
0x
3C40
0x
3C44
0x
3C48
0x
3C4C
0x
3C50
0x
3C54
0x
3C58
0x
3C5C
0x
3C60
0x
3C64
0x
3C68
0x
3C6C
0x
3C70
0x
3C74
0x
3C78
0x
3C7C
0x
3C80
0x
3C84
0x
3C88
0x
3C8C
0x
3C90
0x
3C94
0x
3C98
0x
3C9C
0x
3CA0
0x
3CA4
0x
3CA8
0x
3CAC
0x
3CB0
0x
3CB4
0x
3CB8
0x
3CBC
0x
3CC0
0x
3CC4
0x
3CC8
0x
3CCC
0x
3CD0
0x
3CD4
0x
3CD8
0x
3CDC
0x
3CE0
0x
3CE4
0x
3CE8
0x
3CEC
0x
3CF0
0x
3CF4
0x
3CF8
0x
3CFC
0x
3D00
0x
3D04
0x
3D08
0x
3D0C
0x
3D10
0x
3D14
0x
3D18
0x
3D1C
0x
3D20
0x
3D24
0x
3D28
0x
3D2C
0x
3D30
0x
3D34
0x
3D38
0x
3D3C
0x
3D40
0x
3D44
0x
3D48
0x
3D4C
0x
3D50
0x
3D54
0x
3D58
0x
3D5C
0x
3D60
0x
3D64
0x
3D68
0x
3D6C
0x
3D70
0x
3D74
0x
3D78
0x
3D7C
0x
3D80
0x
3D84
0x
3D88
0x
3D8C
0x
3D90
0x
3D94
0x
3D98
0x
3D9C
0x
3DA0
0x
3DA4
0x
3DA8
0x
3DAC
0x
3DB0
0x
3DB4
0x
3DB8
0x
3DBC
0x
3DC0
0x
3DC4
0x
3DC8
0x
3DCC
0x
3DD0
0x
3DD4
0x
3DD8
0x
3DDC
0x
3DE0
0x
3DE4
0x
3DE8
0x
3DEC
0x
3DF0
0x
3DF4
0x
3DF8
0x
3DFC
0x
3E00
0x
3E04
0x
3E08
0x
3E0C
0x
3E10
0x
3E14
0x
3E18
0x
3E1C
0x
3E20
0x
3E24
0x
3E28
0x
3E2C
0x
3E30
0x
3E34
0x
3E38
0x
3E3C
0x
3E40
0x
3E44
0x
3E48
0x
3E4C
0x
3E50
0x
3E54
0x
3E58
0x
3E5C
0x
3E60
0x
3E64
0x
3E68
0x
3E6C
0x
3E70
0x
3E74
0x
3E78
0x
3E7C
0x
3E80
0x
3E84
0x
3E88
0x
3E8C
0x
3E90
0x
3E94
0x
3E98
0x
3E9C
0x
3EA0
0x
3EB8
0x
3EBC
0x
3EC0
0x
3EC4
0x
3EC8
0x
3ECC
0x
3ED0
0x
3ED8
0x
3EDC
0x
3EE0
0x
3EE4
0x
3EE8
0x
3EEC
0x
3EF0
0x
3EF4
0x
3EF8
0x
3EFC
0x
3F00
0x
3F04
0x
3F08
0x
3F0C
0x
3F10
0x
3F14
0x
3F18
0x
3F1C
0x
3F20
0x
3F24
0x
3F28
0x
3F2C
0x
3F30
0x
3F34
0x
3F38
0x
3F3C
0x
3F40
0x
3F44
0x
3F48
0x
3F4C
0x
3F50
0x
3F54
0x
3F58
0x
3F5C
0x
3F60
0x
3F64
0x
3F68
0x
3F6C
0x
3F70
0x
3F74
0x
3F78
0x
3F7C
0x
3F80
0x
3F84
0x
3F88
0x
3F8C
0x
3F90
0x
3F94
0x
3F98
0x
3F9C
0x
3FA0
0x
3FA4
0x
3FA8
0x
3FAC
0x
3FB0
0x
3FB4
0x
3FB8
0x
3FBC
0x
3FC0
0x
3FC4
0x
3FC8
0x
3FD0
0x
3FD4
0x
3FD8
0x
3FDC
0x
3FE0
0x
3FE4
0x
3FE8
0x
3FEC
0x
3FF0
0x
3FF4
0x
3FF8
0x
3FFC
0x
55C
0x
C2C
0x
3EA0
0x
3EB0
0x
4004
0x
400C
0x
4010
0x
4014
0x
4018
0x
401C
0x
4020
0x
4024
0x
4028
0x
4034
0x
4038
0x
403C
0x
4040
0x
4044
0x
4048
0x
404C
0x
4050
0x
4054
0x
4060
0x
4064
0x
4068
0x
406C
0x
4070
0x
4074
0x
4078
0x
407C
0x
4080
0x
4084
0x
4088
0x
408C
0x
4090
0x
4094
0x
4098
0x
40A8
0x
40AC
0x
40B0
0x
40B4
0x
40B8
0x
40BC
0x
40C0
0x
40C4
0x
40C8
0x
40CC
0x
40D0
0x
40D4
0x
40D8
0x
40DC
0x
40E0
0x
40E4
0x
40EC
0x
40F0
0x
40F4
0x
40F8
0x
40FC
0x
4100
0x
4104
0x
4108
0x
410C
0x
4110
0x
4114
0x
4118
0x
411C
0x
4120
0x
4124
0x
4128
0x
412C
0x
4130
0x
4134
0x
4138
0x
413C
0x
4140
0x
4144
0x
4148
0x
414C
0x
4150
0x
4154
0x
4158
0x
415C
0x
4160
0x
4164
0x
4168
0x
416C
0x
4170
0x
4174
0x
4178
0x
417C
0x
4180
0x
4184
0x
4188
0x
418C
0x
4190
0x
4194
0x
4198
0x
419C
0x
41A0
0x
41A4
0x
41A8
0x
41AC
0x
41B0
0x
41B4
0x
41B8
0x
41BC
0x
41C0
0x
41C4
0x
41D0
0x
41D4
0x
41D8
0x
41DC
0x
41E0
0x
41E4
0x
41E8
0x
41EC
0x
41F0
0x
41F4
0x
41F8
0x
41FC
0x
4200
0x
4204
0x
4208
0x
420C
0x
4210
0x
4214
0x
4218
0x
421C
0x
4220
0x
4224
0x
4228
0x
422C
0x
4230
0x
4234
0x
4238
0x
423C
0x
4240
0x
4244
0x
4248
0x
424C
0x
4250
0x
4254
0x
4258
0x
425C
0x
4260
0x
4264
0x
4268
0x
426C
0x
4270
0x
4274
0x
4278
0x
427C
0x
4280
0x
4284
0x
4288
0x
428C
0x
4290
0x
4294
0x
4298
0x
429C
0x
42A0
0x
42A4
0x
42A8
0x
42AC
0x
42B0
0x
42B4
0x
42B8
0x
42BC
0x
42C0
0x
42C4
0x
42C8
0x
42CC
0x
42D0
0x
42D4
0x
42D8
0x
42E0
0x
42E4
0x
42E8
0x
42EC
0x
42F0
0x
42F4
0x
42F8
0x
42FC
0x
4300
0x
4304
0x
4308
0x
430C
0x
4310
0x
4314
0x
4318
0x
431C
0x
4320
0x
4324
0x
4328
0x
432C
0x
4330
0x
4334
0x
4338
0x
433C
0x
4340
0x
4344
0x
4348
0x
434C
0x
4350
0x
4354
0x
4358
0x
435C
0x
4360
0x
4364
0x
4368
0x
436C
0x
4370
0x
4374
0x
4378
0x
437C
0x
4380
0x
4384
0x
4388
0x
438C
0x
4390
0x
4394
0x
4398
0x
439C
0x
43A0
0x
43A4
0x
43A8
0x
43AC
0x
43B0
0x
43B4
0x
43B8
0x
43BC
0x
43C0
0x
43C4
0x
43C8
0x
43CC
0x
43D0
0x
43D4
0x
43D8
0x
43DC
0x
43E0
0x
43E4
0x
43E8
0x
43EC
0x
43F0
0x
43F4
0x
43F8
0x
43FC
0x
3FE4
0x
405C
0x
4404
0x
4408
0x
440C
0x
4410
0x
4414
0x
4418
0x
441C
0x
4420
0x
4424
0x
4428
0x
442C
0x
4430
0x
443C
0x
4440
0x
4444
0x
4448
0x
444C
0x
4450
0x
4454
0x
4458
0x
445C
0x
4460
0x
4464
0x
4468
0x
446C
0x
4470
0x
4474
0x
4478
0x
447C
0x
4480
0x
4484
0x
4488
0x
448C
0x
4490
0x
4494
0x
4498
0x
449C
0x
44A0
0x
44A4
0x
44A8
0x
44AC
0x
44B0
0x
44B4
0x
44B8
0x
44BC
0x
44C0
0x
44C4
0x
44C8
0x
44CC
0x
44D0
0x
44D4
0x
44D8
0x
44DC
0x
44E0
0x
44E4
0x
44E8
0x
44EC
0x
44F0
0x
44F8
0x
44FC
0x
4500
0x
4504
0x
4508
0x
450C
0x
4510
0x
4514
0x
4518
0x
451C
0x
4520
0x
4524
0x
4528
0x
452C
0x
4530
0x
4534
0x
4538
0x
453C
0x
4540
0x
4544
0x
4548
0x
454C
0x
4550
0x
4554
0x
4558
0x
455C
0x
4560
0x
4564
0x
4568
0x
456C
0x
4570
0x
4574
0x
4578
0x
457C
0x
4580
0x
4584
0x
4588
0x
458C
0x
4590
0x
4594
0x
4598
0x
459C
0x
45A0
0x
45A4
0x
45A8
0x
45AC
0x
45B0
0x
45B4
0x
45B8
0x
45BC
0x
45C0
0x
45C4
0x
45C8
0x
45CC
0x
45D0
0x
45D4
0x
45D8
0x
45DC
0x
45E0
0x
45E4
0x
45E8
0x
45EC
0x
45F0
0x
45F4
0x
45F8
0x
45FC
0x
4600
0x
4604
0x
4608
0x
460C
0x
4610
0x
4614
0x
4618
0x
461C
0x
4620
0x
4624
0x
4628
0x
462C
0x
4630
0x
4634
0x
4638
0x
463C
0x
4640
0x
4644
0x
4648
0x
464C
0x
4650
0x
4654
0x
4658
0x
465C
0x
4660
0x
4664
0x
4668
0x
466C
0x
4670
0x
4674
0x
4678
0x
467C
0x
4680
0x
4684
0x
4688
0x
468C
0x
4690
0x
4694
0x
4698
0x
469C
0x
46A0
0x
46A4
0x
46A8
0x
46AC
0x
46B0
0x
46B4
0x
46B8
0x
46BC
0x
46C0
0x
46C4
0x
46C8
0x
46CC
0x
46D0
0x
46D4
0x
46D8
0x
46DC
0x
46E0
0x
46E4
0x
46E8
0x
46EC
0x
46F0
0x
46F4
0x
46F8
0x
46FC
0x
4700
0x
4704
0x
4708
0x
470C
0x
4710
0x
4714
0x
4718
0x
471C
0x
4720
0x
4724
0x
4728
0x
472C
0x
4730
0x
4734
0x
4738
0x
473C
0x
4740
0x
4744
0x
4748
0x
474C
0x
4750
0x
4754
0x
4758
0x
475C
0x
4760
0x
4764
0x
4768
0x
476C
0x
4770
0x
4774
0x
4778
0x
477C
0x
4780
0x
4784
0x
4788
0x
478C
0x
4790
0x
4794
0x
4798
0x
479C
0x
47A0
0x
47A4
0x
47A8
0x
47AC
0x
47B0
0x
47B4
0x
47B8
0x
47BC
0x
47C0
0x
47C4
0x
47C8
0x
47CC
0x
47D0
0x
47D4
0x
47D8
0x
47DC
0x
47E0
0x
47E4
0x
47E8
0x
47EC
0x
47F0
0x
47F4
0x
47F8
0x
47FC
0x
40A4
0x
41C8
0x
3EA8
0x
3ED4
0x
40A0
0x
4008
0x
3FCC
0x
3EA4
0x
3EB4
0x
4438
0x
3EAC
0x
44F4
0x
4030
0x
4804
0x
4808
0x
480C
0x
4810
0x
4814
0x
4818
0x
481C
0x
4820
0x
4824
0x
4828
0x
482C
0x
4830
0x
4834
0x
4838
0x
483C
0x
4840
0x
4844
0x
4848
0x
484C
0x
4850
0x
4854
0x
4858
0x
485C
0x
4860
0x
4864
0x
4868
0x
486C
0x
4870
0x
4874
0x
4878
0x
487C
0x
4880
0x
4884
0x
4888
0x
488C
0x
4890
0x
4894
0x
4898
0x
489C
0x
48A0
0x
48A4
0x
48A8
0x
48AC
0x
48B0
0x
48B4
0x
48B8
0x
48BC
0x
48C0
0x
48C4
0x
48C8
0x
48CC
0x
48D0
0x
48D4
0x
48D8
0x
48DC
0x
48E0
0x
48E4
0x
48E8
0x
48EC
0x
48F0
0x
48F4
0x
48F8
0x
48FC
0x
4900
0x
4904
0x
4908
0x
490C
0x
4910
0x
4914
0x
4918
0x
491C
0x
4920
0x
4924
0x
4928
0x
492C
0x
4930
0x
4934
0x
4938
0x
493C
0x
4940
0x
4944
0x
4948
0x
494C
0x
4950
0x
4954
0x
4958
0x
495C
0x
4960
0x
4964
0x
4968
0x
496C
0x
4970
0x
4974
0x
4978
0x
497C
0x
4980
0x
4984
0x
4988
0x
498C
0x
4990
0x
4994
0x
4998
0x
499C
0x
49A0
0x
49A4
0x
49A8
0x
49AC
0x
49B0
0x
49B4
0x
49B8
0x
49BC
0x
49C0
0x
49C4
0x
49C8
0x
49CC
0x
49D0
0x
49D4
0x
49D8
0x
49DC
0x
49E0
0x
49E4
0x
49E8
0x
49EC
0x
49F0
0x
49F4
0x
49F8
0x
49FC
0x
4A00
0x
4A04
0x
4A08
0x
4A0C
0x
4A10
0x
4A14
0x
4A18
0x
4A1C
0x
4A20
0x
4A24
0x
4A28
0x
4A2C
0x
4A30
0x
4A34
0x
4A38
0x
4A3C
0x
4A40
0x
4A44
0x
4A48
0x
4A4C
0x
4A50
0x
4A54
0x
4A58
0x
4A5C
0x
4A60
0x
4A64
0x
4A68
0x
4A6C
0x
4A70
0x
4A74
0x
4A78
0x
4A7C
0x
4A80
0x
4A84
0x
4A88
0x
4A8C
0x
4A90
0x
4A94
0x
4A98
0x
4A9C
0x
4AA0
0x
4AA4
0x
4AA8
0x
4AAC
0x
4AB0
0x
4AB4
0x
4AB8
0x
4ABC
0x
4AC0
0x
4AC4
0x
4AC8
0x
4ACC
0x
4AD0
0x
4AD4
0x
4AD8
0x
4ADC
0x
4AE0
0x
4AE4
0x
4AE8
0x
4AEC
0x
4AF0
0x
4AF4
0x
4AF8
0x
4AFC
0x
4B00
0x
4B04
0x
4B08
0x
4B0C
0x
4B10
0x
4B14
0x
4B18
0x
4B1C
0x
4B20
0x
4B24
0x
4B28
0x
4B2C
0x
4B30
0x
4B34
0x
4B38
0x
4B3C
0x
4B40
0x
4B44
0x
4B48
0x
4B4C
0x
4B50
0x
4B54
0x
4B58
0x
4B5C
0x
4B60
0x
4B64
0x
4B68
0x
4B6C
0x
4B70
0x
4B74
0x
4B78
0x
4B7C
0x
4B80
0x
4B84
0x
4B88
0x
4B8C
0x
4B90
0x
4B94
0x
4B98
0x
4B9C
0x
4BA0
0x
4BA4
0x
4BA8
0x
4BAC
0x
4BB0
0x
4BB4
0x
4BB8
0x
4BBC
0x
4BC0
0x
4BC4
0x
4BC8
0x
4BCC
0x
4BD0
0x
4BD4
0x
4BD8
0x
4BDC
0x
4BE0
0x
4BE4
0x
4BE8
0x
4BEC
0x
4BF0
0x
4BF4
0x
4BF8
0x
4BFC
0x
4434
0x
40E8
0x
42DC
0x
41CC
0x
409C
0x
4C04
0x
4C08
0x
4C0C
0x
4C10
0x
4C14
0x
4C18
0x
4C1C
0x
4C20
0x
4C24
0x
4C28
0x
4C2C
0x
4C30
0x
4C34
0x
4C38
0x
4C3C
0x
4C40
0x
4C44
0x
4C48
0x
4C4C
0x
4C50
0x
4C54
0x
4C58
0x
4C5C
0x
4C60
0x
4C64
0x
4C68
0x
4C6C
0x
4C70
0x
4C74
0x
4C78
0x
4C7C
0x
4C80
0x
4C84
0x
4C88
0x
4C8C
0x
4C90
0x
4C94
0x
4C98
0x
4C9C
0x
4CA0
0x
4CA4
0x
4CA8
0x
4CAC
0x
4CB0
0x
4CB4
0x
4CB8
0x
4CBC
0x
4CC0
0x
4CC4
0x
4CC8
0x
4CCC
0x
4CD0
0x
4CD4
0x
4CD8
0x
4CDC
0x
4CE0
0x
4CE4
0x
4CE8
0x
4CEC
0x
4CF0
0x
4CF4
0x
4CF8
0x
4CFC
0x
4D00
0x
4D04
0x
4D08
0x
4D0C
0x
4D10
0x
4D14
0x
4D18
0x
4D1C
0x
4D20
0x
4D24
0x
4D28
0x
4D2C
0x
4D30
0x
4D34
0x
4D38
0x
4D3C
0x
4D40
0x
4D44
0x
4D48
0x
4D4C
0x
4D50
0x
4D54
0x
4D58
0x
4D5C
0x
4D60
0x
4D64
0x
4D68
0x
4D6C
0x
4D70
0x
4D74
0x
4D78
0x
4D7C
0x
4D80
0x
4D84
0x
4D88
0x
4D8C
0x
4D90
0x
4D94
0x
4D98
0x
4D9C
0x
4DA0
0x
4DA4
0x
4DA8
0x
4DAC
0x
4DB0
0x
4DB4
0x
4DB8
0x
4DBC
0x
4DC0
0x
4DC4
0x
4DC8
0x
4DCC
0x
4DD0
0x
4DD4
0x
4DD8
0x
4DDC
0x
4DE0
0x
4DE4
0x
4DE8
0x
4DEC
0x
4DF0
0x
4DF4
0x
4DF8
0x
4DFC
0x
4E00
0x
4E04
0x
4E08
0x
4E0C
0x
4E10
0x
4E14
0x
4E18
0x
4E1C
0x
4E20
0x
4E24
0x
4E28
0x
4E2C
0x
4E30
0x
4E34
0x
4E38
0x
4E3C
0x
4E40
0x
4E44
0x
4E48
0x
4E4C
0x
4E50
0x
4E54
0x
4E58
0x
4E5C
0x
4E60
0x
4E64
0x
4E68
0x
4E6C
0x
4E70
0x
4E74
0x
4E78
0x
4E7C
0x
4E80
0x
4E84
0x
4E88
0x
4E8C
0x
4E90
0x
4E94
0x
4E98
0x
4E9C
0x
4EA0
0x
4EA4
0x
4EA8
0x
4EAC
0x
4EB0
0x
4EB4
0x
4EB8
0x
4EBC
0x
4EC0
0x
4EC4
0x
4EC8
0x
4ECC
0x
4ED0
0x
4ED4
0x
4ED8
0x
4EDC
0x
4EE0
0x
4EE4
0x
4EE8
0x
4EEC
0x
4EF0
0x
4EF4
0x
4EF8
0x
4EFC
0x
4F00
0x
4F04
0x
4F08
0x
4F0C
0x
4F10
0x
4F14
0x
4F18
0x
4F1C
0x
4F20
0x
4F24
0x
4F28
0x
4F2C
0x
4F30
0x
4F34
0x
4F38
0x
4F3C
0x
4F40
0x
4F44
0x
4F48
0x
4F4C
0x
4F50
0x
4F54
0x
4F58
0x
4F5C
0x
4F60
0x
4F64
0x
4F68
0x
4F6C
0x
4F70
0x
4F74
0x
4F78
0x
4F7C
0x
4F80
0x
4F84
0x
4F88
0x
4F8C
0x
4F90
0x
4F94
0x
4F98
0x
4F9C
0x
4FA0
0x
4FA4
0x
4FA8
0x
4FAC
0x
4FB0
0x
4FB4
0x
4FB8
0x
4FBC
0x
4FC0
0x
4FC4
0x
4FC8
0x
4FCC
0x
4FD0
0x
4FD4
0x
4FD8
0x
4FDC
0x
4FE0
0x
4FE4
0x
4FE8
0x
4FEC
0x
4FF0
0x
4FF4
0x
4FF8
0x
4FFC
0x
5004
0x
5008
0x
500C
0x
5010
0x
5014
0x
5018
0x
501C
0x
5020
0x
5024
0x
5028
0x
502C
0x
5030
0x
5034
0x
5038
0x
503C
0x
5040
0x
5044
0x
5048
0x
504C
0x
5050
0x
5054
0x
5058
0x
505C
0x
5060
0x
5064
0x
5068
0x
506C
0x
5070
0x
5074
0x
5078
0x
507C
0x
5080
0x
5084
0x
5088
0x
508C
0x
5090
0x
5094
0x
5098
0x
509C
0x
50A0
0x
50A4
0x
50A8
0x
50AC
0x
50B0
0x
50B4
0x
50C0
0x
50C4
0x
50C8
0x
50CC
0x
50D0
0x
50D4
0x
50D8
0x
50DC
0x
50E0
0x
50E4
0x
50E8
0x
50EC
0x
50F0
0x
50F4
0x
5100
0x
5104
0x
5108
0x
510C
0x
5110
0x
5114
0x
5118
0x
511C
0x
5120
0x
5124
0x
512C
0x
5130
0x
5134
0x
5138
0x
513C
0x
5140
0x
5144
0x
5148
0x
514C
0x
5150
0x
5154
0x
5158
0x
515C
0x
5160
0x
5164
0x
516C
0x
5170
0x
5174
0x
5178
0x
517C
0x
5180
0x
5184
0x
5188
0x
518C
0x
5190
0x
5194
0x
5198
0x
519C
0x
51A0
0x
51A4
0x
51A8
0x
51AC
0x
51B0
0x
51B4
0x
51B8
0x
51BC
0x
51C0
0x
51C4
0x
51C8
0x
51CC
0x
51D0
0x
51D4
0x
51D8
0x
51DC
0x
51E0
0x
51E4
0x
51E8
0x
51EC
0x
51F0
0x
51F4
0x
51F8
0x
51FC
0x
5200
0x
5208
0x
520C
0x
5210
0x
5214
0x
5218
0x
521C
0x
5220
0x
5224
0x
5228
0x
522C
0x
5230
0x
5234
0x
5238
0x
523C
0x
5240
0x
5244
0x
5248
0x
524C
0x
5250
0x
5254
0x
5258
0x
5264
0x
5268
0x
526C
0x
5270
0x
5280
0x
5284
0x
5288
0x
528C
0x
5290
0x
5294
0x
5298
0x
52A0
0x
52A4
0x
52A8
0x
52AC
0x
52B0
0x
52B4
0x
52B8
0x
52BC
0x
52C0
0x
52C4
0x
52CC
0x
52D0
0x
52D4
0x
52D8
0x
52DC
0x
52E0
0x
52E4
0x
52E8
0x
52EC
0x
52F0
0x
52F4
0x
52F8
0x
52FC
0x
5300
0x
5304
0x
5308
0x
530C
0x
5310
0x
5314
0x
5318
0x
5324
0x
5328
0x
532C
0x
5330
0x
5334
0x
5338
0x
533C
0x
5340
0x
5348
0x
534C
0x
5350
0x
535C
0x
5360
0x
5364
0x
5368
0x
536C
0x
5370
0x
5374
0x
5378
0x
537C
0x
5380
0x
5384
0x
5388
0x
538C
0x
5390
0x
5394
0x
5398
0x
539C
0x
53A0
0x
53A4
0x
53A8
0x
53AC
0x
53B0
0x
53B4
0x
53B8
0x
53BC
0x
53C0
0x
53C4
0x
53C8
0x
53D8
0x
53DC
0x
53E0
0x
53E4
0x
53E8
0x
53EC
0x
53F0
0x
53F4
0x
53F8
0x
53FC
0x
500C
0x
50FC
0x
51D8
0x
5278
0x
5320
0x
5358
0x
531C
0x
50BC
0x
5168
0x
527C
0x
50B8
0x
5204
0x
5128
0x
53D0
0x
53D4
0x
53CC
0x
5260
0x
52C8
0x
5354
0x
525C
0x
5344
0x
529C
0x
402C
0x
4058
0x
50F8
0x
5274
0x
5404
0x
5408
0x
540C
0x
5410
0x
5414
0x
5418
0x
541C
0x
5420
0x
5424
0x
5428
0x
542C
0x
5430
0x
5434
0x
5438
0x
543C
0x
5440
0x
5444
0x
5448
0x
544C
0x
5450
0x
5454
0x
5458
0x
545C
0x
5460
0x
5464
0x
5468
0x
546C
0x
5470
0x
5474
0x
5478
0x
547C
0x
5480
0x
5484
0x
5488
0x
548C
0x
5490
0x
5494
0x
5498
0x
549C
0x
54A0
0x
54A4
0x
54A8
0x
54AC
0x
54B0
0x
54B4
0x
54B8
0x
54BC
0x
54C0
0x
54C4
0x
54C8
0x
54CC
0x
54D0
0x
54D4
0x
54D8
0x
54DC
0x
54E0
0x
54E4
0x
54E8
0x
54EC
0x
54F0
0x
54F4
0x
54F8
0x
54FC
0x
5500
0x
5504
0x
5508
0x
550C
0x
5510
0x
5514
0x
5518
0x
551C
0x
5520
0x
5524
0x
5528
0x
552C
0x
5530
0x
5534
0x
5538
0x
553C
0x
5540
0x
5544
0x
5548
0x
554C
0x
5550
0x
5554
0x
5558
0x
555C
0x
5560
0x
5564
0x
5568
0x
556C
0x
5570
0x
5574
0x
5578
0x
557C
0x
5580
0x
5584
0x
5588
0x
558C
0x
5590
0x
5594
0x
5598
0x
559C
0x
55A0
0x
55A4
0x
55A8
0x
55AC
0x
55B0
0x
55B4
0x
55B8
0x
55BC
0x
55C0
0x
55C4
0x
55C8
0x
55CC
0x
55D0
0x
55D4
0x
55D8
0x
55DC
0x
55E0
0x
55E4
0x
55E8
0x
55EC
0x
55F0
0x
55F4
0x
55F8
0x
55FC
0x
5600
0x
5604
0x
5608
0x
560C
0x
5610
0x
5614
0x
5618
0x
561C
0x
5620
0x
5624
0x
5628
0x
562C
0x
5630
0x
5634
0x
5638
0x
563C
0x
5640
0x
5644
0x
5648
0x
564C
0x
5650
0x
5654
0x
5658
0x
565C
0x
5660
0x
5664
0x
5668
0x
566C
0x
5670
0x
5674
0x
5678
0x
567C
0x
5680
0x
5684
0x
5688
0x
568C
0x
5690
0x
5694
0x
5698
0x
569C
0x
56A0
0x
56A4
0x
56A8
0x
56AC
0x
56B0
0x
56B4
0x
56B8
0x
56BC
0x
56C0
0x
56C4
0x
56C8
0x
56CC
0x
56D0
0x
56D4
0x
56D8
0x
56DC
0x
56E0
0x
56E4
0x
56E8
0x
56EC
0x
56F0
0x
56F4
0x
56F8
0x
56FC
0x
5700
0x
5704
0x
5708
0x
570C
0x
5710
0x
5714
0x
5718
0x
571C
0x
5720
0x
5724
0x
5728
0x
572C
0x
5730
0x
5734
0x
5738
0x
573C
0x
5740
0x
5744
0x
5748
0x
574C
0x
5750
0x
5754
0x
5758
0x
575C
0x
5760
0x
5764
0x
5768
0x
5774
0x
5778
0x
577C
0x
5780
0x
5784
0x
5788
0x
578C
0x
5790
0x
5794
0x
5798
0x
579C
0x
57A0
0x
57A4
0x
57A8
0x
57B8
0x
57BC
0x
57C0
0x
57C4
0x
57C8
0x
57CC
0x
57D0
0x
57D4
0x
57D8
0x
57DC
0x
57E0
0x
57E4
0x
57E8
0x
57EC
0x
57F0
0x
57F4
0x
57F8
0x
57FC
0x
5768
0x
5804
0x
5808
0x
580C
0x
5810
0x
5814
0x
581C
0x
5820
0x
5824
0x
5828
0x
582C
0x
5830
0x
5834
0x
5838
0x
583C
0x
5840
0x
5844
0x
5848
0x
584C
0x
5850
0x
5854
0x
5858
0x
585C
0x
5860
0x
5864
0x
5868
0x
586C
0x
5870
0x
5874
0x
5878
0x
587C
0x
5880
0x
5884
0x
5888
0x
588C
0x
5890
0x
5894
0x
5898
0x
589C
0x
58A0
0x
58A4
0x
58A8
0x
58AC
0x
58B0
0x
58B4
0x
58B8
0x
58BC
0x
58C0
0x
58C4
0x
58CC
0x
58D4
0x
58D8
0x
58E4
0x
591C
0x
5920
0x
5924
0x
5928
0x
592C
0x
5930
0x
5934
0x
5938
0x
593C
0x
5940
0x
5944
0x
5948
0x
594C
0x
5950
0x
5954
0x
5958
0x
595C
0x
5960
0x
5964
0x
5968
0x
596C
0x
5970
0x
5974
0x
5978
0x
597C
0x
5980
0x
5984
0x
5988
0x
598C
0x
5990
0x
5994
0x
5998
0x
599C
0x
59A0
0x
59A4
0x
59A8
0x
59AC
0x
59B0
0x
59B4
0x
59B8
0x
59BC
0x
59C0
0x
59C4
0x
59C8
0x
59CC
0x
59D0
0x
59D4
0x
59D8
0x
59DC
0x
59E0
0x
59E4
0x
59E8
0x
59EC
0x
59F0
0x
59F4
0x
59F8
0x
59FC
0x
5A00
0x
5A04
0x
5A08
0x
5A0C
0x
5A10
0x
5A14
0x
5A18
0x
5A1C
0x
5A20
0x
5A24
0x
5A28
0x
5A2C
0x
5A30
0x
5A34
0x
5A38
0x
5A3C
0x
5A40
0x
5A44
0x
5A48
0x
5A4C
0x
5A50
0x
5A54
0x
5A58
0x
5A5C
0x
5A60
0x
5A64
0x
5A68
0x
5A6C
0x
5A70
0x
5A74
0x
5A80
0x
5A84
0x
5A88
0x
5A8C
0x
5A90
0x
5A94
0x
5A98
0x
5A9C
0x
5AA0
0x
5AA4
0x
5AA8
0x
5AAC
0x
5AB0
0x
5AB4
0x
5AB8
0x
5ABC
0x
5AC0
0x
5AC4
0x
5AC8
0x
5ACC
0x
5AD0
0x
5AD4
0x
5AD8
0x
5ADC
0x
5AE0
0x
5AE4
0x
5AE8
0x
5AEC
0x
5AF0
0x
5AF4
0x
5AF8
0x
5AFC
0x
5B00
0x
5B04
0x
5B08
0x
5B0C
0x
5B10
0x
5B14
0x
5B18
0x
5B34
0x
5B38
0x
5B3C
0x
5B40
0x
5B44
0x
5B48
0x
5B4C
0x
5B50
0x
5B54
0x
5B58
0x
5B5C
0x
5B60
0x
5B64
0x
5B68
0x
5B6C
0x
5B70
0x
5B74
0x
5B78
0x
5B7C
0x
5B80
0x
5B84
0x
5B88
0x
5B8C
0x
5B90
0x
5B94
0x
5B98
0x
5B9C
0x
5BA0
0x
5BA4
0x
5BAC
0x
5BB0
0x
5BB8
0x
5BBC
0x
5BC0
0x
5BCC
0x
5BD0
0x
5BD4
0x
5BD8
0x
5BDC
0x
5BE0
0x
5BE4
0x
5BE8
0x
5BF0
0x
5BF4
0x
5BF8
0x
5BFC
0x
57B0
0x
58CC
0x
E58
0x
58EC
0x
58F8
0x
5770
0x
5818
0x
57B4
0x
5910
0x
57AC
0x
5914
0x
58E0
0x
590C
0x
5908
0x
5900
0x
58E8
0x
5918
0x
244C
0x
5B08
0x
5B28
0x
2470
0x
57B0
0x
58C8
0x
5C04
0x
5C08
0x
5C0C
0x
5C10
0x
5C14
0x
5C18
0x
5C1C
0x
5C20
0x
5C24
0x
5C28
0x
5C2C
0x
5C30
0x
5C34
0x
5C38
0x
5C3C
0x
5C40
0x
5C44
0x
5C48
0x
5C4C
0x
5C50
0x
5C58
0x
5C5C
0x
5C60
0x
5C64
0x
5C68
0x
5C6C
0x
5C70
0x
5C74
0x
5C78
0x
5C7C
0x
5C80
0x
5C94
0x
5C98
0x
5C9C
0x
5CA0
0x
5CA4
0x
5CA8
0x
5CAC
0x
5CB0
0x
5CB4
0x
5CB8
0x
5CBC
0x
5CC0
0x
5CC4
0x
5CC8
0x
5CCC
0x
5CD0
0x
5CD4
0x
5CD8
0x
5CDC
0x
5CE0
0x
5CE4
0x
5CE8
0x
5CEC
0x
5CF0
0x
5CF4
0x
5CF8
0x
5CFC
0x
5D00
0x
5D04
0x
5D08
0x
5D0C
0x
5D10
0x
5D14
0x
5D18
0x
5D1C
0x
5D20
0x
5D24
0x
5D28
0x
5D2C
0x
5D30
0x
5D34
0x
5D38
0x
5D3C
0x
5D40
0x
5D48
0x
5D4C
0x
5D50
0x
5D54
0x
5D58
0x
5D5C
0x
5D60
0x
5D64
0x
5D68
0x
5D6C
0x
5D70
0x
5D74
0x
5D78
0x
5D7C
0x
5D80
0x
5D84
0x
5D88
0x
5D8C
0x
5D90
0x
5D94
0x
5D98
0x
5D9C
0x
5DA0
0x
5DA4
0x
5DA8
0x
5DAC
0x
5DB0
0x
5DB4
0x
5DB8
0x
5DBC
0x
5DC0
0x
5DC4
0x
5DC8
0x
5DCC
0x
5DD0
0x
5DD4
0x
5DD8
0x
5DDC
0x
5DE0
0x
5DE4
0x
5DE8
0x
5DEC
0x
5DF0
0x
5DF4
0x
5DF8
0x
5DFC
0x
5E00
0x
5E04
0x
5E08
0x
5E0C
0x
5E10
0x
5E14
0x
5E18
0x
5E1C
0x
5E20
0x
5E24
0x
5E28
0x
5E2C
0x
5E30
0x
5E3C
0x
5E40
0x
5E44
0x
5E48
0x
5E4C
0x
5E58
0x
5E5C
0x
5E60
0x
5E64
0x
5E68
0x
5E74
0x
5E78
0x
5E7C
0x
5E84
0x
5E88
0x
5E8C
0x
5E90
0x
5E9C
0x
5EA0
0x
5EA4
0x
5EA8
0x
5EB8
0x
5EBC
0x
5EC0
0x
5EC4
0x
5EC8
0x
5ED0
0x
5ED4
0x
5ED8
0x
5EDC
0x
5EE0
0x
5EE4
0x
5EE8
0x
5EEC
0x
5EF0
0x
5EF4
0x
5EF8
0x
5EFC
0x
5F00
0x
5F04
0x
5F08
0x
5F0C
0x
5F10
0x
5F14
0x
5F18
0x
5F1C
0x
5F20
0x
5F24
0x
5F28
0x
5F2C
0x
5F30
0x
5F34
0x
5F38
0x
5F3C
0x
5F40
0x
5F44
0x
5F48
0x
5F4C
0x
5F50
0x
5F54
0x
5F68
0x
5F6C
0x
5F70
0x
5F74
0x
5F80
0x
5F84
0x
5F8C
0x
5F90
0x
5F98
0x
5F9C
0x
5FA0
0x
5FA4
0x
5FB4
0x
5FB8
0x
5FBC
0x
5FC0
0x
5FC4
0x
5FC8
0x
5FCC
0x
5FD0
0x
5FD4
0x
5FD8
0x
5FDC
0x
5FE0
0x
5FE4
0x
5FE8
0x
5FF0
0x
5FF4
0x
5FF8
0x
5FFC
0x
5BC8
0x
5BEC
0x
5B20
0x
5B30
0x
5BB4
0x
2454
0x
5BA8
0x
5B2C
0x
5C88
0x
5D44
0x
58F4
0x
58FC
0x
58F0
0x
5904
0x
58DC
0x
576C
0x
58D0
0x
5BC4
0x
5B1C
0x
5B24
0x
5C84
0x
5E4C
0x
5E70
0x
5EB4
0x
5ECC
0x
5E54
0x
5E94
0x
5EB0
0x
5EAC
0x
5E98
0x
5E50
0x
5E80
0x
5E6C
0x
5F44
0x
5F64
0x
5FAC
0x
5FB0
0x
5F5C
0x
5F7C
0x
6004
0x
6008
0x
600C
0x
6010
0x
6014
0x
6018
0x
601C
0x
6024
0x
6028
0x
602C
0x
6030
0x
603C
0x
6040
0x
6044
0x
6048
0x
604C
0x
6050
0x
6054
0x
6058
0x
6060
0x
6064
0x
6068
0x
606C
0x
6070
0x
6074
0x
6078
0x
607C
0x
6080
0x
6084
0x
6088
0x
608C
0x
6090
0x
6094
0x
60A0
0x
60A4
0x
60A8
0x
60AC
0x
60B0
0x
60B4
0x
60B8
0x
60BC
0x
60C0
0x
60C4
0x
60C8
0x
60CC
0x
60D0
0x
60D4
0x
60D8
0x
60DC
0x
60E0
0x
60E4
0x
60E8
0x
60EC
0x
60F0
0x
60F4
0x
60F8
0x
60FC
0x
6100
0x
6104
0x
6108
0x
610C
0x
6110
0x
6114
0x
6118
0x
611C
0x
6120
0x
6124
0x
6128
0x
612C
0x
6130
0x
6134
0x
6138
0x
613C
0x
6140
0x
6144
0x
6148
0x
614C
0x
6150
0x
6154
0x
6158
0x
615C
0x
6160
0x
6164
0x
6168
0x
616C
0x
6170
0x
6174
0x
6178
0x
617C
0x
6180
0x
6184
0x
6188
0x
618C
0x
6190
0x
6194
0x
6198
0x
619C
0x
61A0
0x
61A4
0x
61A8
0x
61AC
0x
61B0
0x
61B4
0x
61B8
0x
61BC
0x
61C0
0x
61C4
0x
61C8
0x
61CC
0x
61D0
0x
61D4
0x
61D8
0x
61DC
0x
61E0
0x
61E4
0x
61E8
0x
61EC
0x
61F0
0x
61F4
0x
61F8
0x
61FC
0x
6200
0x
6204
0x
6208
0x
620C
0x
6210
0x
6214
0x
6218
0x
621C
0x
6220
0x
6224
0x
6228
0x
622C
0x
6230
0x
6234
0x
6238
0x
623C
0x
6240
0x
6244
0x
6248
0x
624C
0x
6250
0x
6254
0x
6258
0x
625C
0x
6260
0x
6264
0x
6268
0x
626C
0x
6270
0x
6274
0x
6278
0x
627C
0x
6280
0x
6284
0x
6288
0x
628C
0x
6290
0x
6294
0x
6298
0x
629C
0x
62A0
0x
62A4
0x
62A8
0x
62AC
0x
62B0
0x
62B4
0x
62B8
0x
62BC
0x
62C0
0x
62C4
0x
62C8
0x
62CC
0x
62D0
0x
62D4
0x
62D8
0x
62DC
0x
62E0
0x
62E4
0x
62E8
0x
62EC
0x
62F0
0x
62F4
0x
62F8
0x
62FC
0x
6300
0x
6304
0x
6308
0x
630C
0x
6310
0x
6314
0x
6318
0x
631C
0x
6320
0x
6324
0x
6328
0x
632C
0x
6330
0x
6334
0x
6338
0x
633C
0x
6340
0x
6344
0x
6348
0x
634C
0x
6350
0x
6354
0x
6358
0x
635C
0x
6360
0x
6364
0x
6368
0x
636C
0x
6370
0x
6374
0x
6378
0x
637C
0x
6380
0x
6384
0x
6388
0x
638C
0x
6390
0x
6394
0x
6398
0x
639C
0x
63A0
0x
63A4
0x
63A8
0x
63AC
0x
63B0
0x
63B4
0x
63B8
0x
63BC
0x
63C0
0x
63C4
0x
63C8
0x
63CC
0x
63D0
0x
63D4
0x
63D8
0x
63DC
0x
63E0
0x
63E4
0x
63E8
0x
63EC
0x
63F0
0x
63F4
0x
63F8
0x
63FC
0x
5F60
0x
3C0
0x
1318
0x
6404
0x
6408
0x
640C
0x
6410
0x
6414
0x
6418
0x
641C
0x
6420
0x
6424
0x
6428
0x
642C
0x
6430
0x
6434
0x
6438
0x
643C
0x
6440
0x
6444
0x
6448
0x
644C
0x
6458
0x
645C
0x
6460
0x
6464
0x
6468
0x
646C
0x
6470
0x
6474
0x
6478
0x
647C
0x
6480
0x
6484
0x
6488
0x
648C
0x
6490
0x
6494
0x
64BC
0x
64C0
0x
64C4
0x
64C8
0x
64CC
0x
64D8
0x
64DC
0x
64E0
0x
64E4
0x
64EC
0x
64F0
0x
64F4
0x
64F8
0x
64FC
0x
6500
0x
6504
0x
6508
0x
650C
0x
6510
0x
6514
0x
6518
0x
651C
0x
6520
0x
6524
0x
6528
0x
652C
0x
6530
0x
6534
0x
6538
0x
653C
0x
6540
0x
6544
0x
6548
0x
654C
0x
6550
0x
6554
0x
6558
0x
6560
0x
6564
0x
6568
0x
656C
0x
6570
0x
6574
0x
6578
0x
657C
0x
6580
0x
6584
0x
6588
0x
658C
0x
6590
0x
6594
0x
6598
0x
659C
0x
65A0
0x
65AC
0x
65B0
0x
65B4
0x
65B8
0x
65BC
0x
65C0
0x
65C4
0x
65C8
0x
65CC
0x
65D0
0x
65D4
0x
65E0
0x
65E4
0x
6600
0x
6604
0x
6608
0x
660C
0x
6610
0x
6614
0x
6618
0x
6624
0x
6628
0x
662C
0x
6630
0x
6634
0x
6638
0x
663C
0x
6640
0x
6644
0x
6648
0x
664C
0x
6650
0x
6654
0x
6658
0x
665C
0x
6660
0x
6664
0x
6668
0x
666C
0x
6670
0x
6674
0x
6678
0x
667C
0x
6680
0x
6684
0x
6688
0x
668C
0x
6690
0x
6694
0x
6698
0x
669C
0x
66A0
0x
66A4
0x
66A8
0x
66AC
0x
66B0
0x
66B4
0x
66B8
0x
66BC
0x
66C0
0x
66C4
0x
66C8
0x
66CC
0x
66D0
0x
66D4
0x
66D8
0x
66DC
0x
66E0
0x
66E8
0x
66EC
0x
66F0
0x
66F4
0x
66F8
0x
66FC
0x
6700
0x
6704
0x
6708
0x
670C
0x
6710
0x
6714
0x
6718
0x
671C
0x
6720
0x
6724
0x
6728
0x
672C
0x
6730
0x
6734
0x
6738
0x
673C
0x
6740
0x
6744
0x
6748
0x
674C
0x
6750
0x
6754
0x
6758
0x
675C
0x
6760
0x
6764
0x
6768
0x
676C
0x
6770
0x
6774
0x
6778
0x
677C
0x
6780
0x
6784
0x
6788
0x
678C
0x
6790
0x
6794
0x
6798
0x
679C
0x
67A0
0x
67A4
0x
67A8
0x
67AC
0x
67B0
0x
67B4
0x
67B8
0x
67BC
0x
67C0
0x
67C4
0x
67C8
0x
67CC
0x
67D0
0x
67D4
0x
67D8
0x
67DC
0x
67E0
0x
67E4
0x
67E8
0x
67EC
0x
67F0
0x
67F4
0x
67F8
0x
67FC
0x
6494
0x
64A8
0x
64D4
0x
64E8
0x
64D0
0x
649C
0x
64B0
0x
64B8
0x
6498
0x
655C
0x
64B4
0x
64AC
0x
64A4
0x
65A0
0x
65DC
0x
65FC
0x
661C
0x
65F8
0x
3F4
0x
65A8
0x
65EC
0x
65F4
0x
65F0
0x
65A4
0x
65E8
0x
65D8
0x
1314
0x
1304
0x
4B4
0x
558
0x
300
0x
CC4
0x
3D4
0x
850
0x
540
0x
988
0x
480
0x
A64
0x
6804
0x
6814
0x
6818
0x
6820
0x
6824
0x
682C
0x
6830
0x
6834
0x
6844
0x
684C
0x
6850
0x
6854
0x
6858
0x
685C
0x
6860
0x
6864
0x
6868
0x
686C
0x
6870
0x
6874
0x
6878
0x
687C
0x
6880
0x
6884
0x
6888
0x
688C
0x
6890
0x
6894
0x
6898
0x
689C
0x
68A4
0x
68A8
0x
68AC
0x
68B0
0x
68B4
0x
68B8
0x
68BC
0x
68C0
0x
68C4
0x
68C8
0x
68CC
0x
68D0
0x
68D4
0x
68D8
0x
68DC
0x
68E0
0x
68E4
0x
68E8
0x
68EC
0x
68F0
0x
68F4
0x
68F8
0x
68FC
0x
6900
0x
6904
0x
6908
0x
690C
0x
6910
0x
6914
0x
6918
0x
691C
0x
6920
0x
6924
0x
6928
0x
692C
0x
6930
0x
6934
0x
6938
0x
693C
0x
6940
0x
6944
0x
6948
0x
694C
0x
6950
0x
6954
0x
6958
0x
695C
0x
6960
0x
6964
0x
6968
0x
696C
0x
6970
0x
6974
0x
6978
0x
697C
0x
6980
0x
6984
0x
6988
0x
698C
0x
6990
0x
6994
0x
6998
0x
699C
0x
69A0
0x
69A4
0x
69A8
0x
69AC
0x
69B0
0x
69B4
0x
69B8
0x
69BC
0x
69C8
0x
69CC
0x
69D0
0x
69D4
0x
69D8
0x
69E4
0x
69E8
0x
69EC
0x
69F4
0x
69F8
0x
69FC
0x
6A04
0x
6A08
0x
6A0C
0x
6A10
0x
6A14
0x
6A18
0x
6A1C
0x
6A20
0x
6A24
0x
6A28
0x
6A2C
0x
6A30
0x
6A34
0x
6A38
0x
6A3C
0x
6A40
0x
6A44
0x
6A48
0x
6A4C
0x
6A50
0x
6A58
0x
6A5C
0x
6A60
0x
6A64
0x
6A68
0x
6A6C
0x
6A70
0x
6A74
0x
6A78
0x
6A7C
0x
6A80
0x
6A84
0x
6A88
0x
6A8C
0x
6A90
0x
6A94
0x
6A98
0x
6A9C
0x
6AA0
0x
6AA4
0x
6AA8
0x
6AAC
0x
6AB0
0x
6AB4
0x
6AB8
0x
6ABC
0x
6AC0
0x
6AC4
0x
6AC8
0x
6ACC
0x
6AD0
0x
6AD4
0x
6AD8
0x
6ADC
0x
6AE0
0x
6AE4
0x
6AE8
0x
6AEC
0x
6AF0
0x
6AF4
0x
6AF8
0x
6AFC
0x
6B00
0x
6B04
0x
6B08
0x
6B0C
0x
6B10
0x
6B14
0x
6B18
0x
6B1C
0x
6B20
0x
6B24
0x
6B28
0x
6B2C
0x
6B30
0x
6B34
0x
6B38
0x
6B3C
0x
6B40
0x
6B44
0x
6B48
0x
6B4C
0x
6B50
0x
6B54
0x
6B58
0x
6B5C
0x
6B60
0x
6B64
0x
6B68
0x
6B6C
0x
6B70
0x
6B74
0x
6B78
0x
6B7C
0x
6B80
0x
6B84
0x
6B88
0x
6B8C
0x
6B90
0x
6B98
0x
6B9C
0x
6BA0
0x
6BA4
0x
6BA8
0x
6BAC
0x
6BB0
0x
6BB4
0x
6BB8
0x
6BBC
0x
6BC0
0x
6BC4
0x
6BC8
0x
6BCC
0x
6BD0
0x
6BD4
0x
6BD8
0x
6BDC
0x
6BE0
0x
6BEC
0x
6BF0
0x
6BF4
0x
6BF8
0x
6BFC
0x
850
0x
680C
0x
6840
0x
6848
0x
683C
0x
3CC
0x
681C
0x
6838
0x
3F0
0x
6828
0x
6810
0x
6808
0x
880
0x
298
0x
844
0x
2410
0x
21E8
0x
6984
0x
69E0
0x
6C04
0x
6C08
0x
6C0C
0x
6C10
0x
6C14
0x
6C18
0x
6C1C
0x
6C20
0x
6C24
0x
6C28
0x
6C30
0x
6C34
0x
6C38
0x
6C3C
0x
6C40
0x
6C44
0x
6C48
0x
6C4C
0x
6C50
0x
6C54
0x
6C58
0x
6C5C
0x
6C60
0x
6C64
0x
6C68
0x
6C6C
0x
6C70
0x
6C74
0x
6C78
0x
6C7C
0x
6C80
0x
6C84
0x
6C88
0x
6C8C
0x
6C90
0x
6C94
0x
6C98
0x
6C9C
0x
6CA0
0x
6CA4
0x
6CA8
0x
6CAC
0x
6CB0
0x
6CB4
0x
6CB8
0x
6CBC
0x
6CC0
0x
6CC4
0x
6CC8
0x
6CCC
0x
6CD0
0x
6CD4
0x
6CD8
0x
6CDC
0x
6CE0
0x
6CE4
0x
6CE8
0x
6CEC
0x
6CF0
0x
6CF4
0x
6CF8
0x
6CFC
0x
6D00
0x
6D04
0x
6D08
0x
6D0C
0x
6D10
0x
6D14
0x
6D18
0x
6D1C
0x
6D20
0x
6D24
0x
6D28
0x
6D2C
0x
6D30
0x
6D34
0x
6D38
0x
6D3C
0x
6D40
0x
6D44
0x
6D48
0x
6D4C
0x
6D50
0x
6D54
0x
6D58
0x
6D5C
0x
6D60
0x
6D64
0x
6D68
0x
6D6C
0x
6D70
0x
6D74
0x
6D78
0x
6D7C
0x
6D80
0x
6D84
0x
6D88
0x
6D8C
0x
6D90
0x
6D94
0x
6D98
0x
6D9C
0x
6DA0
0x
6DA4
0x
6DA8
0x
6DAC
0x
6DB0
0x
6DB4
0x
6DB8
0x
6DBC
0x
6DC0
0x
6DC4
0x
6DC8
0x
6DCC
0x
6DD0
0x
6DD4
0x
6DD8
0x
6DDC
0x
6DE0
0x
6DE4
0x
6DE8
0x
6DEC
0x
6DF0
0x
6DF4
0x
6DF8
0x
6DFC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007f5b0000 | 0x7f5b0000 | 0x7f5b0fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000009738e10000 | 0x9738e10000 | 0x9738e2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000009738e10000 | 0x9738e10000 | 0x9738e1ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000009738e20000 | 0x9738e20000 | 0x9738e26fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000009738e30000 | 0x9738e30000 | 0x9738e43fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000009738e50000 | 0x9738e50000 | 0x9738f4ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000009738f50000 | 0x9738f50000 | 0x9738f53fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000009738f60000 | 0x9738f60000 | 0x9738f60fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000009738f70000 | 0x9738f70000 | 0x9738f71fff | Private Memory | rw |
|
|
|
- |
| private_0x0000009738f80000 | 0x9738f80000 | 0x9738f86fff | Private Memory | rw |
|
|
|
- |
| private_0x0000009738f90000 | 0x9738f90000 | 0x9738f90fff | Private Memory | rw |
|
|
|
- |
| private_0x0000009738fa0000 | 0x9738fa0000 | 0x973909ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x97390a0000 | 0x973915dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000009739160000 | 0x9739160000 | 0x973925ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000009739260000 | 0x9739260000 | 0x9739260fff | Private Memory | rw |
|
|
|
- |
| private_0x0000009739270000 | 0x9739270000 | 0x973927ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000009739270000 | 0x9739270000 | 0x9739283fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000009739270000 | 0x9739270000 | 0x9739282fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000009739270000 | 0x9739270000 | 0x9739272fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000009739270000 | 0x9739270000 | 0x9739271fff | Private Memory | rwx |
|
|
|
- |
| pagefile_0x0000009739280000 | 0x9739280000 | 0x9739280fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000009739290000 | 0x9739290000 | 0x9739297fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000009739290000 | 0x9739290000 | 0x97392a2fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000009739290000 | 0x9739290000 | 0x9739290fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000009739290000 | 0x9739290000 | 0x9739292fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000097392a0000 | 0x97392a0000 | 0x97392a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| cversions.2.db | 0x97392b0000 | 0x97392b3fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000097392c0000 | 0x97392c0000 | 0x97392cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000097392d0000 | 0x97392d0000 | 0x9739457fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000009739460000 | 0x9739460000 | 0x97395e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000097395f0000 | 0x97395f0000 | 0x973a9effff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000973a9f0000 | 0x973a9f0000 | 0x973aaeffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000973aaf0000 | 0x973aaf0000 | 0x973b2effff | Pagefile Backed Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x973aaf0000 | 0x973ae26fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000973ae30000 | 0x973ae30000 | 0x973af2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000973ae30000 | 0x973ae30000 | 0x973ae30fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000973ae30000 | 0x973ae30000 | 0x973ae45fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000973ae30000 | 0x973ae30000 | 0x973ae45fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000973ae50000 | 0x973ae50000 | 0x973ae65fff | Pagefile Backed Memory | rw |
|
|
|
- |
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000013.db | 0x973af30000 | 0x973af72fff | Memory Mapped File | r |
|
|
|
- |
| cversions.2.db | 0x973af80000 | 0x973af83fff | Memory Mapped File | r |
|
|
|
- |
| propsys.dll.mui | 0x973af90000 | 0x973afa0fff | Memory Mapped File | r |
|
|
|
- |
| cversions.2.db | 0x973afb0000 | 0x973afb3fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000973afc0000 | 0x973afc0000 | 0x973afc0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000973afd0000 | 0x973afd0000 | 0x973afdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000973afe0000 | 0x973afe0000 | 0x973b0dffff | Private Memory | rw |
|
|
|
- |
| private_0x000000973b0e0000 | 0x973b0e0000 | 0x973b1dffff | Private Memory | rw |
|
|
|
- |
| private_0x000000973b1e0000 | 0x973b1e0000 | 0x973b2dffff | Private Memory | rw |
|
|
|
- |
| private_0x000000973b2e0000 | 0x973b2e0000 | 0x973b3dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000973b2f0000 | 0x973b2f0000 | 0x973baeffff | Pagefile Backed Memory | rw |
|
|
|
- |
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db | 0x973b3e0000 | 0x973b46afff | Memory Mapped File | r |
|
|
|
- |
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db | 0x973b470000 | 0x973b482fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000973b490000 | 0x973b490000 | 0x973b58ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000973b590000 | 0x973b590000 | 0x973b68ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000973b590000 | 0x973b590000 | 0x973bd8ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000973b590000 | 0x973b590000 | 0x973b590fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000973b590000 | 0x973b590000 | 0x973b5a3fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000973b590000 | 0x973b590000 | 0x973b5a5fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000973b590000 | 0x973b590000 | 0x973b684fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000973b5b0000 | 0x973b5b0000 | 0x973bdaffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000973b690000 | 0x973b690000 | 0x973b78ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000973b690000 | 0x973b690000 | 0x973b692fff | Private Memory | rw |
|
|
|
- |
| private_0x000000973b6a0000 | 0x973b6a0000 | 0x973b79ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000973b790000 | 0x973b790000 | 0x973b88ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000973b790000 | 0x973b790000 | 0x973b792fff | Private Memory | rw |
|
|
|
- |
| private_0x000000973b890000 | 0x973b890000 | 0x973b98ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000973b990000 | 0x973b990000 | 0x973ba8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000973ba90000 | 0x973ba90000 | 0x973ba90fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000973ba90000 | 0x973ba90000 | 0x973bb8ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000973baa0000 | 0x973baa0000 | 0x973baa2fff | Private Memory | rw |
|
|
|
- |
| private_0x000000973bab0000 | 0x973bab0000 | 0x973bab2fff | Private Memory | rw |
|
|
|
- |
| private_0x000000973bb90000 | 0x973bb90000 | 0x973bc8ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000973bc90000 | 0x973bc90000 | 0x973bd8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000973bd90000 | 0x973bd90000 | 0x973c58ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000973bd90000 | 0x973bd90000 | 0x973be8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000973bdb0000 | 0x973bdb0000 | 0x973c5affff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000973be90000 | 0x973be90000 | 0x973bf8ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000973bf90000 | 0x973bf90000 | 0x973c08ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000973c090000 | 0x973c090000 | 0x973c18ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000973c190000 | 0x973c190000 | 0x973c28ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000973c290000 | 0x973c290000 | 0x973c38ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000973c5b0000 | 0x973c5b0000 | 0x973c5c5fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00007ff6d34ae000 | 0x7ff6d34ae000 | 0x7ff6d34affff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d34b0000 | 0x7ff6d34b0000 | 0x7ff6d34b1fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d34b2000 | 0x7ff6d34b2000 | 0x7ff6d34b3fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d34b4000 | 0x7ff6d34b4000 | 0x7ff6d34b5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d34b6000 | 0x7ff6d34b6000 | 0x7ff6d34b7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d34b8000 | 0x7ff6d34b8000 | 0x7ff6d34b9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d34ba000 | 0x7ff6d34ba000 | 0x7ff6d34bbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d34bc000 | 0x7ff6d34bc000 | 0x7ff6d34bdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d34be000 | 0x7ff6d34be000 | 0x7ff6d34bffff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d34c0000 | 0x7ff6d34c0000 | 0x7ff6d34c1fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d34c2000 | 0x7ff6d34c2000 | 0x7ff6d34c3fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d34c4000 | 0x7ff6d34c4000 | 0x7ff6d34c5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d34c6000 | 0x7ff6d34c6000 | 0x7ff6d34c7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d34c8000 | 0x7ff6d34c8000 | 0x7ff6d34c9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d34ca000 | 0x7ff6d34ca000 | 0x7ff6d34cbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d34cc000 | 0x7ff6d34cc000 | 0x7ff6d34cdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d34ce000 | 0x7ff6d34ce000 | 0x7ff6d34cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff6d34d0000 | 0x7ff6d34d0000 | 0x7ff6d35cffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff6d35d0000 | 0x7ff6d35d0000 | 0x7ff6d35f2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff6d35f3000 | 0x7ff6d35f3000 | 0x7ff6d35f4fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d35f5000 | 0x7ff6d35f5000 | 0x7ff6d35f6fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d35f7000 | 0x7ff6d35f7000 | 0x7ff6d35f8fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d35f9000 | 0x7ff6d35f9000 | 0x7ff6d35fafff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d35fb000 | 0x7ff6d35fb000 | 0x7ff6d35fcfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d35fd000 | 0x7ff6d35fd000 | 0x7ff6d35fefff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6d35ff000 | 0x7ff6d35ff000 | 0x7ff6d35fffff | Private Memory | rw |
|
|
|
- |
| mksmd.exe | 0x7ff6d3e70000 | 0x7ff6d4205fff | Memory Mapped File | rwx |
|
|
|
|
| actxprxy.dll | 0x7ffc48ff0000 | 0x7ffc49459fff | Memory Mapped File | rwx |
|
|
|
- |
| urlmon.dll | 0x7ffc4b540000 | 0x7ffc4b6d6fff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x7ffc4ddd0000 | 0x7ffc4e145fff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x7ffc511b0000 | 0x7ffc51332fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x7ffc52cd0000 | 0x7ffc52d47fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x7ffc53810000 | 0x7ffc5382bfff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7ffc53b80000 | 0x7ffc53b9efff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
|
For performance reasons, the remaining 296 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK | 784.33 KB |
MD5:
9ce5ca70571523db2aad14686621850f
SHA1: c4688e7054769426a96b6cb270478d3974484f50 SHA256: 3205b49de41b2e98eaa6872b03b48a5b689169f39b01dcb7bb4efb78fb4f429f SSDeep: 24576:zBULrNPYuFMlSsBSun2Z+/78Vd53xzdvx:zufNPYgVsAuZAv5hZvx |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK | 0.64 KB |
MD5:
bf25a28a556d74e7e41f07d8c9a6ac26
SHA1: bd8b0fb6ff90b8289650dcacb100620605bed23d SHA256: 3e1059ced26467b29d20073413477e69b7b30504c7fea76e06c16ad80d06a570 SSDeep: 12:nxnJNpKipgH3t5l96I5qVaK5gVuXhru6E9d/ZpQM7so8yiKmOqArKURsn:xNKqgXt796QmaogV2hrqWyAFArHRsn |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK | 0.41 KB |
MD5:
28370f29899258417c535969c5f94d6b
SHA1: 375d9e9bb71a8baf14b664da843a64cd46e66f41 SHA256: ef80b50a562a80f185729e24aa9842dc2269178ecf850bc91f00de67c5115f29 SSDeep: 12:jEMfObfUmoP9eIEHm9N2PVmjYG8hVVwy7z3KN8MBon+:30f/oVe09NiGYpJ5X6m1+ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK | 1.38 KB |
MD5:
5d710f6cc567da3fe7073422b1cd0274
SHA1: c7e8ae725989ef735acd24f28b9232c81b301a12 SHA256: e2de02c161dfc02799d0ca4b3198c2abaa2d5f969713cd961068057369003c1c SSDeep: 24:3Pgso61eGvndu1fLpGyLiYafZikkHZ6obh/xA2BxStQntJP3Z6caHJ7yLAbQeF:34t8eG+GNVik0Z6oVxFSSt1wcaELA0eF |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK | 16.28 KB |
MD5:
c760fa2416902fd7f67fe56aa9a7a49c
SHA1: 43050ecd961def482a8fbf18a7078c0737f5c933 SHA256: 1ee55f16e0bfc150370cb2831ecc14be22114fd4af76e3cc1a0a0ed52576c606 SSDeep: 384:ZderXfZXaUCCCB128lWgtuvcRxaC9fcl/u2LkxdfNZX5Iez2SJS:ZsrBXaHvH5tXDaCg/u2LkxdzDz2SJS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK | 0.41 KB |
MD5:
3ee75fad0c5a50aa6673412f0a81eff8
SHA1: bde87006ea9ca2d809a5021b22b98920b4f2f22a SHA256: 2e120b317376c514bf45e3010b72f1b3089f7e064d84cce52bb7d883a1d8dd90 SSDeep: 12:I+19BSHo1EWIFrJkwOB2hn2/xJGy0t26k0:D19BSHwSFCwTAL0tg0 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK | 1.44 KB |
MD5:
7478b15cb951e611c0a970591dba315a
SHA1: bac1b0aae083ff428c99fa1a3406f3b236feb849 SHA256: 3c837c37574ef673c2647ab292c3eec5a6497840846c22b8d3188a891f5e1c21 SSDeep: 24:7w6Zfec5or4NjxSZuqMiHcU6vcQ7d9VzbMGHBTXKWkIinwu19pqUnUcmCwHvN48Q:dEc5GQxSQqMi8dZ/oGHBTKx19YUUlCq2 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK | 2.81 KB |
MD5:
705efdc9771d2bd0d19ba721bdadebf2
SHA1: e6675d7a96b6a447b4f1c7308b38838783256d0f SHA256: 4d58bd80f77bc68f1600c07f44c9615a5819ad092c5b19888ad6fb99ce78824c SSDeep: 48:NGVAhKj4xwavgw1Vs8W67Vk0kxxQ01LhVTPOFnr70pIw1w5j/axJ920V3fj9tbm:NGVUO81Vs8WL0kxxV1LhdSr7ijqQTvJ+ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK | 0.50 KB |
MD5:
9c47b5cde8f9e28be4a740089f1b083f
SHA1: 165045769f51e8f467e43a6ca75bfe7ee3105679 SHA256: da2ba656f7833954f918ad6aaeb32dbcc5d78ce231123284f4fcf22e158c1ed2 SSDeep: 12:y//BlHQI3J78oGYB0eA5WDtm9p+UMVoJWAhTPfxQyn:y3fQIyoGA0ZU3ozhTPfuy |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK | 16.28 KB |
MD5:
f08c07acdf770160ca9f24c77c46e8da
SHA1: 363e7f1d324dda6795eeb26255a5697d4a7fce15 SHA256: a9f1ea4fd455e0fa88029415fcd4edd345bef642ea3fef66bf8917f5809b22f9 SSDeep: 384:s1pnf/AVdidGjwRvm+IFKZSEbhJeVLHY61kvart6:sr/AGe3+IFK4Ene9Y6NA |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK | 0.41 KB |
MD5:
df20b92bbb6bfc735721dcc202a97d05
SHA1: 5c8b2d41c6f80208b26a9171f910b0b6162822c4 SHA256: bc67fa908195648ef28379fbff26d64b4a4ca7acf16e44633838cfae1edf8a8e SSDeep: 12:bwR88lq998WCOVVCnEPUq4FmUwQwnN+9OQL:si8EfNCAVCEP0UQI+9Ow |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK | 16.28 KB |
MD5:
2e9546f59fa8e2e7068e9b169470bb4e
SHA1: 188bb513f61311c33d6b8926603b4d7aadac3a73 SHA256: 3ede06be15faaeb8613d1752b35be5daffdb2ee236471f12eedf64cc300193b2 SSDeep: 384:4eUmc9XPKyJX7Z/9XLtKKyXIAhJZ7mWpTozEh+E/SN:THIfKyVZ/rKQA3ZPpTo4XSN |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK | 0.41 KB |
MD5:
fa647246742b6fb361b947d4d1ed9ac8
SHA1: c3fd00b0df0d9530f5d3d9b8517a64f8c7b51a94 SHA256: d19c17be36894b07ad9415b2581ca43000ce5e1a0fcd387a405a60760931efbd SSDeep: 12:sSNQsyyB/WRzIY5bqdl8pPIjZlPObdr7nO:vSyZWR/bq0hIjPObN7nO |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK | 0.30 KB |
MD5:
b79cd319abcfad5d60a1dc4b903823b6
SHA1: cde312aa1b5a9836b2373c6e34e742ec5409c3cf SHA256: a5f6f84922289275196933e3345d4f69d8d9df304d8438c530dc55ab79e47386 SSDeep: 6:lzVGCN2VFob1J7ArZ26zxONWh5zXO2weCRDXvM9NFzYb46piuxLd2N5rI:GFK0ZLzxONQjOLXveC00JxB2U |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK | 2.67 KB |
MD5:
72be97604257b58fb66ab9525a6f2b51
SHA1: 2096842f536df27d69cf807adf3a343a0e36b507 SHA256: 6e6495c7e17eab179215f3ae9c70e73634a17887951325ec8e9d32fe86f5d2a1 SSDeep: 48:OvkeMHdDPH3QhT9eU9plbhBuapuEtas6pSQ/wfls28bPdsidlPbsT:OMvR3qBeWlbPuuuka5Jofls28bPPlPoT |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK | 2.33 KB |
MD5:
ae21b145423e4a72054dc2fe48091838
SHA1: 04315b5a689e7a7301070f80154fd18c36ba257f SHA256: c8149696df480f7730c0415e829b842a478ce727e0b6d30fabf51efd834226ba SSDeep: 48:GnJSlAFIrX6okiFE0BSWXdodDWsJsJ0d4o7mLws3FoYjHtMMz:jl43Bli9tE/JP4o6YYj1 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK | 1.41 KB |
MD5:
999121f24b5ad6557232561d9f68e286
SHA1: e35e797667966668d24bed814a557b5426d16bd5 SHA256: 2cb77e768fafeb44f9146dd66c6c0d0a76044a6ed130fd53ed0cc9b676e455b0 SSDeep: 24:4qYXn1wZHEE+jw7oKeeMysw4baahpRlESFITckXSuBGzcNQD12ptN9lpVvt+:4qYXIHLCwMKdZswiaatlESFIh7GzGqsE |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK | 2.67 KB |
MD5:
29d63779dc91fc4b7da0cc5ec414c451
SHA1: 67eb0245d688cff8edde5a5bba60bb322000e595 SHA256: fb72290f73d7d13f4e011f35ae9b48884d5c0b485fb2ce7a531e968546b3c58d SSDeep: 48:j4wjErpmG4PSKbc7OJXjFLtKljWLPLmafyFGSgFqgf6IgVhEy1Ufp6zfgWU:j4wAVUPDbc7YKlaDL3fSGS+IIgV3kpqM |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK | 0.46 KB |
MD5:
0fad7dbe16d35ff9d91f34c8d4e45a3e
SHA1: 9b4385b9b72ea52b194bba5d893b6c5d9c0ed8c1 SHA256: 6e03ce055d9e7aa7eb57a561d6a08988a3d6a11d66bea7d01a6d135181d5c9ab SSDeep: 12:EY9UdKd2qemYxzwz7pSQqOto+ebC80fZVPEJlcF44QZ:EyUIgq7fqOve/0BVtZA |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK | 0.67 KB |
MD5:
2a8cd5721de9cdac4494ca0631e10845
SHA1: fc6d47fd3449af027cf15109d421c1f21022b3b2 SHA256: b1676ef87b0270c77d1fab4c406fd3b6d7a7a64d7e8b713d2931e3d45fd7ece9 SSDeep: 12:VoMqgcVTvUZ1oznCK6s85ATGNXpUPh5eP7jpL+VHMP8QCjWOkf4+F68wyb:mr5sZubCaIaIXpuh5eP/BGHMjQG4+FgS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK | 0.41 KB |
MD5:
7d9258757d557b3ca1cf8038c8610ad8
SHA1: 6596abe6eb6766569797f891c94d65584b6cd63e SHA256: 968b160d810d5b98a85b3c8b43676b9a24b75bd9d42080de395d33a5e88e4934 SSDeep: 6:rAOqF4IoHLJM0toQsp3327h04ms7CwfhLGSrBfjyeBAyEGH9Nw8TTTAkd8PZL+eX:cOtrJBtvuaBJN/Eg9pWPR+eVwY+zTy |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK | 0.41 KB |
MD5:
625afda9892eb294c1a9749144e8e5fa
SHA1: 42607b0769f644e507598cd115be583b32e5c160 SHA256: ef9457a1a97ebe77f6a483e2c7c57c86d3dc77f471233b6a02f0a474d1fc19e2 SSDeep: 12:mmqbUxZATwce08mkRsGXzWX9jhsvqUNeCBI23CS:m/hTD+HJeCm8CS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK | 0.41 KB |
MD5:
35db5be44bfafafcd428039d08beb63c
SHA1: 8032e4f39b9f8925ca9a4f8c51156e2152a343a8 SHA256: f756ea8179facc9e7bdeb6ce456e528e481c65f4738e8421fc5258f0d18d54d2 SSDeep: 6:AhvYpHW2hyWTY8Ofzd3FqnzgIIhXmwobPtChAODLYPaGQ6VhwJvuRVnluyaP+J3z:AJYppYDfzdVczTIowyeRXHGv0h4roel |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK | 0.46 KB |
MD5:
df47c7f823fc9204c6c41487f741005e
SHA1: 059729407d5114fd89dad5df746986cfd44c5478 SHA256: d35b0fb34beb249c8651df396b94c78b4c1c2898a2721a3add68170d634b69e1 SSDeep: 6:4LSav4VQvk+TC/ajxAqo9o2RGQ9nu5h9q99fOC6BKaabCKOlcY53sm3A381/P:Evxk2DxVo9o1Yn+h9q9tOZt9ym3AM13 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK | 8.28 KB |
MD5:
5953cf626150923e94a99bb251db096f
SHA1: 6caf880d50c7bb27b96a34b1de0c2ab82e12baab SHA256: f3d81bef59ff3af4a2be802bb006c5959609b17a4cc6cc4cae41459630deca52 SSDeep: 192:WqlFIILvsI3IcaZfD2ZPlvlrYHOv7IAlTOP:7fIIgI3I1ZfDSPlvSOM+TK |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK | 2.67 KB |
MD5:
71e954f49812a366e994a0390fa81b1e
SHA1: 25f9dabc7a7f2872b9ca5b1467253b7b50649105 SHA256: 9e1b491ceb889cbbbeff500c90fb58bcff571ef6b2a540f3b9e7f89695dda24b SSDeep: 48://kIYyLK6zyNkM7yUZIYIUokr3iyKZuhRXb5KP+THktowh+nhvibCxMeN00kZczD:/RYziEyUZIuokr3BKZS8sHOdh+nS+RWW |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK | 0.41 KB |
MD5:
595223669a0c8b13c845bb5615578ba1
SHA1: de57cc02dcdce85aefb3e6812cc568965711da92 SHA256: 39b604a72995f186c4522b8475c7caa795574cf60d35525e63c0e4bb79a6aa6a SSDeep: 6:qEIOqdku3zjtNWiXVwyZW+MLSxaq7651ziwDmAiY2hG0ZAoPOXXDrvChEykXj7pa:PYSqzLWrScsWRLTnIAKhGbvmIBANhSS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK | 16.28 KB |
MD5:
bee95e37d1d1207094e7bc8fbc4e615d
SHA1: ccaa75ec1a439e07ac3b2344695bda2eb8018299 SHA256: 363bc7f727273c56ea5938e6dc093f3a81e33df8787b4faa0acc294a0a15ba87 SSDeep: 384:/Xh1L8JFvBrn3rY0dBN2Bhp+WBandKoyUot:vUzbLZ2PpR40ohot |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK | 0.41 KB |
MD5:
0a829fdf530f48b23e78593aafc0e46d
SHA1: a6fa919d2f13f77b996b3ab26bbdfb102baa52a8 SHA256: 4b3e1b451abd77648a51bfb4ed4dde06432ea297ccd1df150f2bf02fcf82bfbf SSDeep: 6:UKeCsFy1jzHbtQNNaqwObEqkpy4AR5xCE0xVo3OGZeh/1KauesHyz+A:UKeC317+NNaMh34A/xCdxe3pZc/1BLj |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK | 14.89 KB |
MD5:
7e8342a691ced2bd8e17aa5d87f7b50d
SHA1: 90d9caba4a89c196b1dd9c4f99526aea19a72c89 SHA256: d8dca38d5b5dce2b301da7acd9fe3075c6eb74548e2507f796321f1461094efc SSDeep: 384:xqUSPbw/fAe8x6UZFBjT31/FWmgk0HZ4ayyay7W+UEVy:zdfATBjT31w0Ly7SEk |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK | 2.38 KB |
MD5:
014ccd9ea90832b718c4d36582e83d2c
SHA1: 733ef3afef366cf2a2ae09debfc4fab27bc68a83 SHA256: 8095e1179a41ed8824da9ac2fdaceb80d7ce43a0250ec9e201af6e8a229bdc02 SSDeep: 48:vS8+M46PFNG9OvE5kGgnkZs9KJR69K/QDzbekD7P0cLEHSY:vD+wtEQv+snkK92R6dbekH/Y |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK | 0.41 KB |
MD5:
9260ee84cdd948a7f0a616e239a7fce4
SHA1: 090ecd365ce9e3070e5711484deb32f2b5fa2b54 SHA256: f8f033a3b676a5b81bcb148c7ae3c0dd424edd6f4b21b6cb4b4bcf22402f4c28 SSDeep: 12:HQMLjQvKBo3LOsld8NRUDgall+6j2JdlE:wMzBo3LOZ3UDgI+6GdO |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK | 16.28 KB |
MD5:
a83e23a51ef16db4bbb813f7ec7be29f
SHA1: 696b6d2c3ad500ba59e4b2e379e5bc3c6d222316 SHA256: 7e7947dc49421199a2f630c15a18eecb7ebeb35fb5065b541ae54265b9eebaf9 SSDeep: 384:vu5Esc/IREC+IiMvL/jP+rOykJR9EM0PSPMFDjfQ:vu5cmDiMrD+rOyuRKMmSz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK | 2.39 KB |
MD5:
5251638440810f45dbd987be0874e715
SHA1: a6f45667b8fee7cb676d637abd0326b9bf20617e SHA256: d00886f46f8030aea9b94c5832c7c4dca66b38a2b31f5368d87da687ecb98c30 SSDeep: 48:6R3Liso0kcGRbKWU7NJuuaHzxM+HkYcx1F05SIVSyKUYhza/ZTW:U3LBo0kcSKndaHzdHkYcj0SUbKUOd |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK | 0.41 KB |
MD5:
dcb79fd22992132709451cad76f83b93
SHA1: 55d150bb9df3c94bca510132c127672586b3b86a SHA256: f4b6b54f8dfaf44b8de7f2592bbf5e8dab37523b2f4fddf3f698e7bc79201caf SSDeep: 6:D680DfR03rsbyn1kZU0wv4nHgV+rypvTqfBNQBV239APAqIArH9X1jte5JMcf8fR:DXAby1IVwv4HCnRIQj2t47HY5JMcWj |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK | 2.35 KB |
MD5:
13997acab674989f0de606ceaaca2278
SHA1: 6994a9a64afc8a31a15d818038f658d901aaeaab SHA256: 4f2cd40196b3f48826a238dbc495e302d72d64d7ababe959f0e3611e99b80b20 SSDeep: 48:AQovPJDhxOMc/KthEogJ+F8yhW5gfL39TwSQLBLRn8oTQHM6IBL52HjxZ:DuPJeMcShngJ0pkZBLy+R52DxZ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK | 16.28 KB |
MD5:
6781944f1fc1fc62a0b9cce2c3922864
SHA1: ae9e3a725e52644cefb9d2592dacca5700a664e4 SHA256: fa23639146abd1c65d8357ba957584162b587cccc40533362047de97e206089a SSDeep: 384:VfARKfvnLsr5tvjFwxZ1GetLj5+/yw5WZNAuT42JXa:VozvjFwxKeNj0WZ9Ja |
|
|
| C:\Boot\BOOTSTAT.DAT | 64.28 KB |
MD5:
6e48e19e0886eac333612fa2e99f8023
SHA1: 96744f7909303af9090ae47a76e41edb03a731f3 SHA256: 1c3e1dea59ece439a1f2017398c10fab8e8f51184eeaedfdbd52d02e8d707ea8 SSDeep: 1536:/Ps0yoopRFvUp+xsfYQ2qJgcm7/vIZnyyaT6MZrYo9/w1B2G96:/PlyjpRep+xamum7/Kny5JrYo9/w1gGc |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK | 0.39 KB |
MD5:
1e86e8aa2affb4c523ce95f39c9d2855
SHA1: cf53a76a7211c628fe60b7f289a2053a09cef88c SHA256: b8db1b7e17f7156f35cb6dc88ca77bbbe45beb9852fc95490533d5f1ca999abe SSDeep: 12:V2pgt1zfkfxrmwx58BYrewOQ8cV0v6feJ:V26vkfJmwx58BYrebQNV0SmJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK | 0.41 KB |
MD5:
e314d471f98f73d3dd62604fd7ddfea7
SHA1: 07a672f364fbfec5bfe242809b3ef3c3797ad25d SHA256: 90a84369b8725eddd2afe281a8c8116dd380f8aa68212f1c690a5aaf99a49211 SSDeep: 12:RwLsgboYR4RETdYRKRvvnMYLCOuji9wdT+HfhX5YG:nYoYjxMY8ji6dT+HJX59 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK | 0.41 KB |
MD5:
383e19bbe28ec72d76dde73a8bb641cb
SHA1: a6f630ab949f154ed50a3d7147b9a6dc7da9b171 SHA256: cf26a515eaa16318193585cbb373e2c3c266ae05ae0181f548f003de357750ef SSDeep: 6:woMHcauxOjxtV1E8JXAe6iUh/vl5U0rJJ5RfXzK2H3lfl7YN6Ng4Uo/REjdshn:w7HcauoLE41G/E+JDfvIN8U2qjdg |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK | 0.64 KB |
MD5:
436ab3304d8b873d810cc87057a97c05
SHA1: 05f6b9f01c402869b793ab3f763081f946ec4bf7 SHA256: 59df6f424a8cdaabc43aef5c28e73bb299cd830d20d908c8d078a23acdc3b858 SSDeep: 12:zHr76evBqISHraS41AJILK7KgRwRVYbPRtaONBTShCBcAVQlRR9F+KfTaHPpgZ:zL76eZ+b4dkPO25SYBccOfF+Kf0BgZ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK | 0.41 KB |
MD5:
6252d44a67eaaf5eca31a1d22919028f
SHA1: 5bbf03ce8df9b0e0def8a93c8800accd792296ab SHA256: c10ab43bfd38609d3fb70c89eab79a111dd4f677157655bceb83bd8c32a20e58 SSDeep: 12:W1h4LueGbPHiYwzKarTobMRTE2SVGZj4yDee5CVM:WUw/iLzKKIYg2jZMs |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK | 2.42 KB |
MD5:
a5b81558735503a12d07bd4949d9b1f7
SHA1: e72155f9431cdcb586ca672b21663e461670c876 SHA256: 62d70b204ac256e00c6339fa6b6ca078b27fa407525302497f823a00b3c0552d SSDeep: 48:4G5pKEXbbSGTyOi1Iung/y5DdGT5w7vjxvWwhNfnko8+rDEnb5OGBeoGRs:3f9beGOruymFw/xvWindr0eoGRs |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK | 2.63 KB |
MD5:
b6b9667135c28867eb8b0d9a2c9ab082
SHA1: 5ef46b9ab8a2170cc4feda092c44603292b066af SHA256: 719637be00b991ef67e482e4e3faa3e9217b5c9b497d12cf3e227adb024fea9f SSDeep: 48:7HLbw8dvrzF2bfYqUQbMWHAqwABx4/dEbE6OBDNPLF:73bzKRbMmNz4lEbE6QPJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK | 0.44 KB |
MD5:
1bbf85bf8d80c2707dfd86e9f5eac340
SHA1: 1a2407f6fb7f0f72dca03c83ed47e66be37a402c SHA256: c597c78f930b4cae6aa4e00bb028fc4e39bce28b81fbae5f67e1227aa8868137 SSDeep: 12:pkt8bIySXrnqUsP00Q+dRwK7iolCgoDHNwm0Yk:Otdt7ncPK+dRw8iiC3imhk |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK | 2.42 KB |
MD5:
460b5756adfb11ad91290019d7c1050b
SHA1: 605fc04caf74984986e4104ed56997be6da76b94 SHA256: 63949ca75f9496dbf6e36d8d646639ef4a61018f5db1b7e76c86a244d275c9c1 SSDeep: 48:eABwLVZBoeAQ4o9eYswZ9RX+U2hCb1YKmyFMdmxpP3SwKfQYmh6:ejLieCJYpUhCB4kMy9SwKfx3 |
|
|
| c:\programdata\microsoft\crypto\rsa\machinekeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b | 0.05 KB |
MD5:
93a5aadeec082ffc1bca5aa27af70f52
SHA1: 47a92aee3ea4d1c1954ed4da9f86dd79d9277d31 SHA256: a1a21799e98f97f271657ce656076f33dcb020d9370f1f2671d783cafd230294 SSDeep: 3:/lE7L6N:+L6N |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK | 0.44 KB |
MD5:
c1904bbc4d16c09d11924eec6ce70159
SHA1: 3df3b3c384159984af846493892fc3c368b02bed SHA256: e6d1d9c5d642717fc39bd29a10070a5ea2a32109f3e99d339f8bebb6875d05aa SSDeep: 12:B0KWp4vtYY5t3gMbIWNAJxwDTg+frCkWwX3vie23ao:B7lYK3gXWNAJxwDLRnviBF |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK | 2.64 KB |
MD5:
882485d5140949b615c2aa5551972e77
SHA1: 3b358194f72983f6fbcda7c87a854fce3b7dcda9 SHA256: 479af70faa130cc183e5fbc3abf1e2951f6cfb470d9d047077cbe74016239eda SSDeep: 48:UTY++U56QgqR6qovknK33pxNgE0lCbzkmxAE48g52Dlmw+QJ093KWpf/2sipsthV:I+6RgqR6qg33pbg9Yb45J8g5pxQJnWp3 |
|
|
| C:\BOOTSECT.BAK | 8.28 KB |
MD5:
420177e81b5d588254cb266ff886e1b6
SHA1: 21a11f7e5586462e204ba1bac51511f4d7f68e02 SHA256: d7abf249fafefeb95f7d3ef44b02210c202e3b5e6f8642cbe099c5a57dc44297 SSDeep: 192:d8oNqu7YEaBXDkJbaUCm8XQQNvuk447dsMnIekdR4fN3Hl+:d8GKXXabL5XTk2XdR4l1+ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK | 1.38 KB |
MD5:
ea6864908039f3431e4985cdb1021391
SHA1: e1acef49ca309d0bf57527b33bf05769e873be9d SHA256: c9af767c3aad9c814851f8209575aa2945883950e90500669a588a8a042a9e35 SSDeep: 24:VLg/Qh1HKfqxmAOVaADXuc+GTDzVuyfwGLaYG+jGhMKb6H3uxnqz3dK4aan:VLlhNccmrcc+G/ZFfwGRDMMKOHb384aa |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK | 16.28 KB |
MD5:
4e94a77c32a6fa69aeae9117f51aff50
SHA1: ec61c1011cac1d4f883fb43767f348304905f035 SHA256: 3692c69afa0e608afc2b12f2bb7d16f8807b82bac1320adf7c9d6edfa64e40f5 SSDeep: 384:gSci3EiEYvomaxtBwuEFdLrTRguU/rnrRPKTtBGEf:OUEishtBwueHTeuU/LrZKTr |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK | 2.63 KB |
MD5:
b035e1fc1b2341401b6e04f7e6591917
SHA1: 7fa2e5d60b8c0be47f46fb6af06f9352c60e542f SHA256: f9ae7548a61e0d74e9a2948b7a1da2aee21ce88dd5b605608c5402d6eb967bcb SSDeep: 48:q1zuVuHKK8KxccmcgB0AJq6ZPRAa3+3EAQpZ5nfcY1E+VbBTMn5a/LK5o+4D:JK8KcvN9YeSi5fcN+Vb6n5aO5ED |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK | 1.42 KB |
MD5:
320b22529433a6193057ed03798ad8be
SHA1: 4893b176a35de20b609e5d8ddeffe46d2e21c05b SHA256: 1243c4b127e6d4c92a46d1e80f86fa9cec7daa5b3b26dfd7476f100af61b96be SSDeep: 24:/NyuhwQkRosswB3vpS9lMfRqu9T6L+cFZDzysQzAzcSexgvq8VFWN8RQn:IuhkRBB3vpHfk2TI+cFZDzLzcSchke8s |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK | 2.21 KB |
MD5:
e22e9bcbb84cdb870fb9393ad63c76f1
SHA1: 45a1da6119648b4083bbcfea2bcc46f1c15199a2 SHA256: 16a843994e9d30634d7c18db3fd6e4cddeb6f64fbba8372e0330b82654c2c8d6 SSDeep: 48:bhcJh3hCTa+lgk06nCmv9eaHh+e5lzWbDp/WshXq64bzti/izX/bVXWtx+:NcrIFyk06CfaHhN5Wl9h6g/K5XWH+ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK | 784.33 KB |
MD5:
b582be723b9100ce350ea13bcab06cc3
SHA1: 6666cd59eb1e66d9a754b7ba499134576fd4d9f9 SHA256: e59dcdca51aac31b2d48d93eebbb50013e8e304a48e61a8141384b0d0c508bb7 SSDeep: 12288:yfh8rkzA3pMHAWYWCLCg8An5LZ8Nz7NJUo4z4y0ApKaV75oh06T2bPU/QcCj1Zk:yZW13SHApW4CC2rlNM75E06TaU/fys |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK | 10.00 MB |
MD5:
93eff481a09d4743c4672188709ec76a
SHA1: 484a1b7a9096b48e9535fde293abda11f4845dd8 SHA256: 118d6d609e83e7e53c91c8d330d36d6031a48861577d150c83e9469bd05ee1c3 SSDeep: 196608:VyqECAMrm/WyvONqviB7JzEShAmGmuHUeTLrbhN8+TEhJ9WuOKlj9vQy267V:VyrCAvfYlEKAmIXhNm3bYy26R |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK | 0.41 KB |
MD5:
763e562185d7c950e6617074577d3b95
SHA1: 5de138ae8292333d5260e6a62ab84052c62fa512 SHA256: 5692c6faa62cd0425ee575f58abd36b62569504c326760e8643cab015eadd704 SSDeep: 12:A7P4VJWC4qN4yTY4Yz+xUYOpE785KnPEu5RKydpn:2zqN4L4YzfpE78YE8g+p |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK | 2.64 KB |
MD5:
af51e5c3923d9dfdaa409c2049dd09a6
SHA1: 822328de07965db94a1ad38b63602c0d6a8ad34b SHA256: 7566c90f9c5813731bd755cf31fac034234090f1f501675f3c3402c8284baace SSDeep: 48:erAKwc/gwGg9JZPmDuLyq4vH/kvjCknr0VysZxO29+d56LnvnbQFlQ:erAvuJZuDuLyq4fabr0V7x3i1K |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK | 16.28 KB |
MD5:
250ebbb180089ffe82a7d8d8332e1393
SHA1: e53687e5f9f16eacc718400d6c68679a60b50e0c SHA256: a904f9e3309e8a0b79aaf49f54edba3d9a2d2463e50034918061ed0b1bad7792 SSDeep: 384:pjQhjDEBNY0OMM/GoOb5vHoa9bfXf23WXUq54HtZAN0/O:pjQhjDEBNYR/cdIKfZ4NZANb |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK | 0.41 KB |
MD5:
bebf2e1d1628deeb22e503fd69220559
SHA1: 1826de8c220a6ca570af750007398f483fa6d562 SHA256: 9a0230141548f028833273c11743239c2cb009607f1670aa149a472d62bcacfc SSDeep: 6:y4Dok4SjvGAtQWzAQ62W/1p3P1lAoiqzMOGwF/RBFCgtAnnUEVQRH8rxcMh6Y:KkJuAtvEn2WL3PLNiqIO9ttQcH8uMhz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK | 1.83 KB |
MD5:
724ca372ad76045d8eb691d86a572f7a
SHA1: 0ff2396fb1e061644f4513e1ae372b108440e1ac SHA256: cb1d21ab8b7cc44734050cd0b31da71d38e9895ef0ab57ce6f8e4e458c3c3bbc SSDeep: 48:12A83U+By1+g7DzVW4UscZVidXGXNMin2VDys9+E:YA83ULH7c4U8dX4cDyK+E |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK | 0.36 KB |
MD5:
a1d1fafaec278573ecc7f9cc093355b4
SHA1: 0af3aad604c45d2cf92fe536b961979893ff36b2 SHA256: 2b316436037a037682cf785efa40c873d0239b6507569a1d27117e62a0b07ed0 SSDeep: 6:/qmphipA8rswauva8eBhqePTcLXxM3wK726aOnOKZ4mKGQ0poeR7jRp:CiYfaga7qeLcLqwqJaIF4j0mU7tp |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK | 0.71 KB |
MD5:
ba4412afe06b8bbc5711659b477cbabc
SHA1: 2e098b05d53c4f7c6955c7abe1fb0370bc611689 SHA256: 74c8c637b42ec53b4f4c4f5a3e4ab7104808fa7ca1be1873ae0fcc278daed0de SSDeep: 12:OnNP4gi4SQ4paBomdWlLdMEBalFtOKopOTa1QQtq2XoPC3jiqzev+DXdVQm9jGgT:Iggi44pa/MgtOKcS2YC3xzfRjGI |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK | 5.55 KB |
MD5:
2193c8a35256f069edd30c168f882211
SHA1: b585205867c7bc5a86c26011b6f7fe7d3dbe5d31 SHA256: a2d0f37cba94fde01e8db6f5a453f8fe425aac9e82311d2ba943b180c75a4682 SSDeep: 96:HDTpWv9kY8+mF9cS2DSB0/CnrhBhspmMuVJJl2GgNkIbXOltkTZhTYHmFFuxa085:HDTpWKYX1c0/CrhBhz5VJJyuIbefy+HC |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK | 2.42 KB |
MD5:
723a04b937a22ae937a4f92788dd5f88
SHA1: 969ec4dc06a785629c3307bd88b884c9acec1473 SHA256: 5efeb4844f7cc8a9b18af6a23682b0413c3a7ed949a6818e5a73ac56328509ca SSDeep: 48:36qnNaULR1PZ3tw216vLE4FHLvsRsvB0IYIk+4l6dPIXvYrkJ/Af:36qn4cfRcvA4FHDskBhkJgQfx2f |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK | 0.41 KB |
MD5:
2a0f1f959acd44c21da32738675d22b5
SHA1: 8502d47a433b993e4e1f4a37329c9ea4b448e1ea SHA256: 29c12ccc1e8de10cd97f8b15258406345315228ac4625b2fd784d5b0b9b37ba3 SSDeep: 6:zxlgbSX3xtuIuWEGFDG8wsG6RS3ob+AXUomCDGUf9gXpPKHOolD7wv3Oecx7hDBi:EGuIuWEGhFb+AXHyUf9ghKHOIQcxdDUD |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK | 1.60 KB |
MD5:
b4e7af78e4ed074999348fca4d337ab8
SHA1: 43662accdead9d3602c6ffe8c37d4ab0d37cbc45 SHA256: d1bd1c9e94e56824362ed879fb1c0a2e8ca7e01c6e61c19abc3780bdbf947072 SSDeep: 48:e4ml51gPb6jjZXUxeVahWm8i3ytuWNSOv7Neh2+k:eQ4jZXseMj3cuMDokX |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK | 0.41 KB |
MD5:
7f87e4922997c836ab1244fe624a6a62
SHA1: 66c115f1ea6131e52bce53fc8f739f51ddc5bbc7 SHA256: 29e521d1118f16937511bc9fbe45837617bd72035ae2e7c84b3fb049de726c38 SSDeep: 12:kct09ErWal7qB8eDmJk1M7fKjg9q140vToLG:kct0ardlG+eDyk1eCkIv0LG |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK | 0.41 KB |
MD5:
94475675123c38ce9934303399dfefd7
SHA1: b8b7e075c5d84c75eab1297caa70f5d19eb8076e SHA256: 3d1d4aecb1c203d24866df4dd5f1d0956feafdd74aff4fb1fc1696b51ef34bc7 SSDeep: 12:ii2/FpsX2v9HVY+h5xtHgq26soDDl0deidYyW:ii2bsXElJh5Apw1IevN |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK | 2.44 KB |
MD5:
5ccc40f290651d1865a9d02955d6d0fd
SHA1: 045e8bbef6c11998f288f281c1352859419e32c4 SHA256: d84723f1a20239f4a3a68b3a304adb5f8b7017ad11b20011c5cab81fe60af3ef SSDeep: 48:+bNpq/4uFVjajrzBMMXSKg6bW4l0CvWfyHDasLwIDrofPm:+bcLjajnukSeWCxH2sLwxe |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK | 0.41 KB |
MD5:
5530a64c30830d98d35e9eafeceee7b6
SHA1: 9a3ccbda84a1e2f8076acf442becb60e26265c1e SHA256: 8db75ff8302ff2095282cf393303be331210dad618c6780a415f7adfbddee9b5 SSDeep: 12:DrKuhj9mbkrE1Zsyh911EN1QNRXWUvpkD:HUbKyh9/EN8Xbvp8 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK | 4.83 KB |
MD5:
0c878f7b49de064c61e106fa9c137194
SHA1: c65063ff0ae4a96250dd107240531e48b8af8434 SHA256: 153d9fa7dc952761d9017f2ebf77dfcf139f84ffabbf2bada54c39368f871b17 SSDeep: 96:lftq/a/iLj9Cr5pcRm7MyG+qQV6WrgyGcD+dJnWTzwrfviLdxdqpgWw7m5PYp8WI:lftGa/iNCgmM+p/rgyG8VPGCLLdmw7sL |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK | 16.28 KB |
MD5:
4d8c899811ea2400e64d76deaff4ddd3
SHA1: d0318ff2d2a639f5ab8ceeff71de9d969b12e4ba SHA256: 13a3db2c9780179665950d246f31cdae400851fef4ecd93b0aca965029a8549a SSDeep: 384:bp0myvWxnvePLdY+rRC+TbiHD8za9POaB3AUsyp/PFJRPtmRf:V0mkWlvtG93byPO9UsyNFJRoN |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK | 1.63 KB |
MD5:
fd3d26974a83fa734af50c7d40cc2718
SHA1: 28021111e6df20a673a3c960f0c766a21beb9027 SHA256: b160f7a2ac03d9d59320db9bafb71984ee0188b1e959cd0f4ef6a215aee0024f SSDeep: 24:hdyCy1etQ2eBehyuExuN6rehaLqZMc3TvSNVIF9CgiRcS1DHVUyakSipv/glq3:LDGeheBgEoN6DEv5f4RBDHVNaQ5glq3 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK | 0.41 KB |
MD5:
038736e5c6e549a00e1d347541035313
SHA1: cb8c6eeab07195c5d5d2b4dbe528f5c29b7e9cd3 SHA256: 7172c5d5d8b370b7927e28661a64d43640d5f31fba4a012b47ae43b397cb7e1f SSDeep: 6:eT9ouBd8EyZncoHHjRSu7R2JPPiQiP6eDQ3OAUNiROlBJDBxRSUeq9ZQLZC+mhn:eTZBdNy5c6rQg6eDQ3GNnJNnSzQ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK | 0.55 KB |
MD5:
458298eb43d8ba28c0ae9699aeca87ee
SHA1: ef7896f15ff4321bfa9ac5d58a53bc1cf4aa9b22 SHA256: a5a5906aefd51bc3bda0f034ffbb6a123c48071329207676d44bedd715b761d2 SSDeep: 12:7kPv+WfW8jiYiAUaaOvRLDm7HNdeF+sc/ll03Ygxn/fw9TKUvW:YzWwiYgalRLy7tdeQscdlp0Q9TKyW |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK | 1.11 KB |
MD5:
415c401c53beb61736eda7c6b6d2e589
SHA1: fb2fc93c3ea438cf45f431fd8d84f85aa6b5d1ec SHA256: b91e2f649b170bdc561f55d30c2e11f8eca6881504c6cf17b878b32606dbaeb1 SSDeep: 24:NMoDGfnWYH8xcCpbv413GH7b2KzR7KK9V3+7QKU0SlrTG0CLi:NVGuYH8xFpbv41Gv2gRxV3+7fXSJilu |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK | 4.28 KB |
MD5:
b94f28f6d32fc5eb0c17e728eb1227fa
SHA1: c095133b18c470e8556376f3ca085d4b18bdb427 SHA256: 0cad2ffbde50b5a9117bb7236123a94d64af6c4f6ed1e4eae4c3cd47871f9931 SSDeep: 96:MkE5By/Jtpjd9mAmfoMqP+Uhp26TejO5bGu7eR24aGiO07c7zQRQ5ldXeta:MqpRoVqWUhp26TejOVaQ4rVcczrNz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK | 2.67 KB |
MD5:
b013a840466204c19bb128b3cb5bb252
SHA1: a1333d1353c90429087a8a6b64de821389d89d83 SHA256: e3471fdc4b6fd03269e7c3a5bbf42a7d55d6c0c7e82eb6bb28ecbec0b977e100 SSDeep: 48:LN4pwh/eOGXcUw7K3QGC5SLw9sgC46YmCtvqrP1sG2P+vexAs3WTwH2NK:Rcw1e+UwuQGCjZNtvCP+GHWFWc1 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK | 0.77 KB |
MD5:
130b78cb1a1a0c495e642ad0fb3bcbd5
SHA1: 930a901db07b0518f044211b8de447a016bef63a SHA256: 469b00ba1fb47543410ae7301ab6aea1c037f2a3d6cdfbe9d5d2b2cfbe926e3f SSDeep: 12:Xc3oy4k5a1dDeJ6jrRjMRbgT+SZmNCPQ5IrCkiLn665HeM/6Cxn:Xch4RDlxVVIN9fki7heUxn |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK | 0.41 KB |
MD5:
65bfcc399f84b89ecd04dad4f64297cd
SHA1: 92145c3b6743baed2b56c4bc28d894de2dbbbf7b SHA256: e6a3abcb7d0e8348d5ae6aadd3decd9c1146d9fef8f2f99fde519e1b4311f4a0 SSDeep: 12:46jYa1wQS1UE/fk6UUrF5fjgIej8hti//v7GkLWB:4uwSEU6xrLfjejMIXv7vO |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK | 2.56 KB |
MD5:
681badab6457c9d167a97f6239acc443
SHA1: 7ec5b7eeb0a68b5066e1d7fe0d5bad67b7c2deab SHA256: 6dc61a6e8af41938aabdd9173ff7e10a82b469accecc23a1510d0b7f3605ce63 SSDeep: 48:pKG97+wgofEYJtLQVGHEJ2JvrW7ZO3IfaoPgcqTA03hW7SHaEcC0qAgF:JhlgiEY/QskGW7Z0iaogWjEcC0rgF |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK | 0.46 KB |
MD5:
1b20a6b23cf36640858d1460c9c1871f
SHA1: b98b6996933f6d825054d8caa97ecc007b9f6258 SHA256: 6b6adf2ee4432dcb924c364b70defc61b392202cdbeb4c7f08436246c1434fe1 SSDeep: 6:WXaYvG+px8nkqwF6bvlnmVJXJ82gZyVDTVfZj3kQdRk6tH9zOYmjAaDBySge3jAL:KafexYk+mD5xD7Zj3ZXH9zOXAsySvC8u |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK | 0.41 KB |
MD5:
b3bd34768ee58a519330f77cbaa29c59
SHA1: 0a7c81969cbdcb4aed5d2862f70d13cf4534c6c4 SHA256: 9437531ee0799185eafe04155c3e96dceaab6f31860e918bd05442ba98dd2801 SSDeep: 12:psNoqw8vQ9kri1LIO3PWSH/xoRdE8gLJn:iNdw8qx1M4VORdEfLJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK | 1.41 KB |
MD5:
fc39a0b01d2ac1ce027b772d0099fad2
SHA1: ca2dec6f87e10bb7ac67875a4c131d121224dac2 SHA256: feed7808ea5f7129487a69e56041f36ba1c130943a7ebc656ffd8babdc1088fe SSDeep: 24:pjPEDH9R/yF0LfAuS/3conSdCf7rv5t/wSX1Ci4as9BEBeMajggWqthDLAZeQAUH:hPEhRnzA53SQfZt/wSX1m8gMaj1PthAx |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK | 0.44 KB |
MD5:
5c00961b9ec206e12bc354b01dfa5a2a
SHA1: dbe7965998592fc30f7433c1cccfbdeacde736dc SHA256: 79c75968757b514be281a6aba8dafbd0022b98b234166d0d7eeabd6ea92bc703 SSDeep: 12:xvpr7uHp26dMkYCcxkkYVpyNniHZLDblQyo2CKrwi:xvsHM6dMkY3kDVps6Z7lQn2lrwi |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK | 0.41 KB |
MD5:
1db822b509e0bbe49c5e57aae6c05399
SHA1: b47825419052d54d8b433ac8ef19caea0e59d407 SHA256: 1b1fc793f3cd2de498d5a479a9c37537b07a98357c7327915a71d4986321c8ff SSDeep: 6:BMf57XBA2vu8l3L3cmRYU7JuZhN21iu8GPTehQ1vKWecJ7x3oRQ6H3ao3kExF/dv:BMf57hvJLtYUo9sehmbx3N6HgkdUDi |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK | 0.41 KB |
MD5:
3ef479721175622e55953e0ea80e15cc
SHA1: 825de57d188ef85dcd55f1214ac290be73f0e701 SHA256: 92bf63531a80333e20912a5b186d4c43151e6dfb27066437efb57170e39f9d14 SSDeep: 12:a4TCdIlhczbPcU7avtyazAfNUF/yetz1bnDPsmdrnOnUTN1G:xgbPn+1Rbz5DPsmdrnFZM |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK | 0.41 KB |
MD5:
05305617a2e228f5c8b254e3f62e3c6b
SHA1: 6431cc4dbca7f373c339da50eaced82e03c0897c SHA256: 3e187699dc835b695a842e02501fb509647ac7c586880ba4fb6ac448cccb5b88 SSDeep: 12:SUJnWgzk4eJ/Up4pRY8JOAbL+BE9qH0ny8SXSn:SMWsIRY8Jjfb980y2 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK | 0.36 KB |
MD5:
e5f4cf3e79db54c833e5d1f44bdd64e9
SHA1: ea9910f9b5a3fbf113aed08268dbffcb836882bd SHA256: 37630ca38fd66850fbfcb3ae54d87ffd598136402fce946ab2e8a234ae13fbc2 SSDeep: 6:CRRxnAFyvFHwRK7YSPHvmd4cpAZfkIDlLH99cbXjxBPd+T6AaHpSCTxDOKI:Qxn9kK7HWRpAZcI5dW/j/FrI |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK | 0.64 KB |
MD5:
8d3e365a68a9dfdb44e09d78524f36f0
SHA1: f1b0362cf559ef383441a8d032300d1fc3a8681b SHA256: 6cce7cb4a80823bc98c49c27761a96ac09cb254752b061f61a4274d52b070c74 SSDeep: 12:ML1i8Z5jMXFyFmdo2kGvv7ggDs3Bm5B6z/bfnxQZBpykw:25jMXsFV2kYjJQoqznCB0kw |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK | 16.28 KB |
MD5:
08cd920090ae26a8a1ef6e221804ddb6
SHA1: 15d26cc4a8bb4cf62bb015904602498d554514c7 SHA256: 96d51f0e025902114afe0287911259973386b6bb07cd911a1a1ad8af5fcd9644 SSDeep: 384:7kB6XsUnOP7DXXdI0AYsWabhn5SKBQLnLxvHU:7kBR8ODTNIwun5SKBQhc |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK | 2.63 KB |
MD5:
f21706445fa097fb850c8feb6211e4f3
SHA1: 1f10de46b9a025bc1f2463d351647eb18d7b2933 SHA256: 91a72e360549216d7523754e47ab4a52859b9566d5f4fd4077a6d3af06602ac3 SSDeep: 48:REadGV8lSOQjuS2eolr5XrLt6fFGkQHCw6xiK+POyZ98ZJ3DUt7/Dj:qafo7juJLH7Lt6fAcxi5PV98/IJDj |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK | 1.38 KB |
MD5:
3da139dc1bf89589612bca83a5768faa
SHA1: 4fca3d6582ba1d3887df8d4a4fdcb59c07b2a74e SHA256: a1729cfaf9935ae9916522a730b2e8fe9890bf0901d4037939572e5ca9f66d6a SSDeep: 24:oFdYhQvvCJjh8HIeDoAHHQzjy0uXhyzjyCc3w/+erbUT9sZakjVf+fMdUd:oQhQHCnSIEHge8/rBbUTyoG+d |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK | 2.21 KB |
MD5:
9407fde948e785b159acefbdf9bafd0f
SHA1: 7c8827316422b448b27b9d72562314dda44a406b SHA256: 3e8a7d1ca8f1bda7717ba6d388811d2a2d504e2ef8e5b8cf1f218ee6e5f02c13 SSDeep: 48:0lsrAp7MhfBF0lpvrax25j7UJu7Fh+8JMVPMIvamCi:Oj7MhfT2JV/+nPM7mCi |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK | 2.67 KB |
MD5:
b9b931dc8944e691a7510afc9bd858bb
SHA1: b8d38a1b2ec8adf73a351354690437a34c8e2732 SHA256: c3f93dfaad54df5902ce4ae44b12fce33441bd52fa6476f8ee5e939362f30ecb SSDeep: 48:aS9JFvKfYFbZYc2TAjkyZ2NxcLtaroeNSu4BoHRt/sMkAKT:HovcskoYpazt4Cn0B |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK | 1.36 KB |
MD5:
3f244932296693630baace9f5d47cb23
SHA1: 13de4ed150a68e5fca401dad2dc19218ed2afdc5 SHA256: 39da025a90a13e13e7de0ffd8c42d530548bd6e13bfe7dc2cb98279f192aba92 SSDeep: 24:kEv0qr8nqXvLCc32Z1zvLvP0k65JH69bi3ZiytBOqRSJZEp:37InqXR3i1zvokkH6YPVp |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK | 0.72 KB |
MD5:
0a2f700037d9f8fff3c573b4b8e641fa
SHA1: 02d82743f73d21d219cb5f85c1148d9e6fbfce21 SHA256: 4c90df74def91154eeb70a2122c4a5aecc946cc999b4dc78546a62eecaf53118 SSDeep: 12:e5rDarKKlxDaS38vaSwgcSGTiBQ2W9Tku5l+C9XXF1POKYQJcYpvGPGWQWmwCDLn:eAeKlx2SsygGTi2k2wQzPmQJjEQt3DLn |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK | 16.28 KB |
MD5:
86158940cd7e8c0122122a8b6235cec3
SHA1: 270ad42d2484a1d534dd5bc7850ee7c7ba2a9e48 SHA256: 354dc8bba9c8a43f94a53046d4918186fcebc0d180a7bad6100df3c528fe2701 SSDeep: 384:uez7XBfUmZTqu1cewfdnwACTCsJWIy3FJD9I/ABntYzHdTZlCDN:RHXd7ptcNf9wRCUy3LDK/AFWnCh |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK | 0.41 KB |
MD5:
e4387a18f7a4e6bc3e6be3bd94b1c1e5
SHA1: 869de5a88a5b1462074b7342d2662a6451d2ccb0 SHA256: eb744f483b3f0bb688e3920b1743c1f68c9d1efe0af2dacc66c9f60c3feb3325 SSDeep: 12:gvUyax7edcyfpTDz3Dr8BFfxT+wQ+g8uc4:gMyax1yRr4f+Ouc4 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK | 16.28 KB |
MD5:
47a176790ae8314a49ac659f0a4d73c8
SHA1: ace62e3d6ff3be7c615a71b9f7df0be36bceb60e SHA256: f328506738183e312da5242cdd1fcae9590f579c5f3fc79e9d396bc8a7e22692 SSDeep: 384:tLxrKh8UvpTBbD+MVI6QGLpuGugujTC1z2SGNW:Qhtp4GoGuHS/d |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK | 0.41 KB |
MD5:
f2daebf1b1a8402c9fadb8650bcae201
SHA1: ec05a739f4f9bc9fe1ae328bbc929afadebe777c SHA256: 8ee8b5401974afb7756a42d766850cb15a3e51487712c333fdb027019be97c68 SSDeep: 6:UGBuv+RsvKw6LFPAqXhLSOVXI3Tw4wPPTbxzSvaXbO3O6Qw1eAO0yHSAjIyBTd4S:JhAr6R3hLfXI3TwBzrQ0w1e90VEOgV |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK | 1.50 KB |
MD5:
cd3966e781e4e76442632218f555b8e8
SHA1: 1d56693e799a4dfdc04429d3968db3e04b602524 SHA256: 14bf7d93d54578ece784b399bbcb171876b7af5d6fab24d76d6c7f6fe6979203 SSDeep: 24:8aV52CUTY3dOjvbNDs0mzNZ/+U7f5iNS55TKrugyKv99GAbqZSBrRf15B3/m:ZWqdm8zNF7xyuPJg99GNSBdX0 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK | 0.41 KB |
MD5:
ed17bb464e1545aade3cf96084b65514
SHA1: 4a24970913ae6dd25afa04b2129eb4432a38a888 SHA256: aedb4b79832c18859cde08b1d282212401d5047a9fa2823cc484340057b8894e SSDeep: 6:8kQyuaox1EOuyO0KgO5N5bVwmhG7CN4HNkVTS5eXGnUB7BH+8+eaCz4eT9tFR38:83a+iyI/r6tMSAXGnY7Bjlapepts |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK | 1.41 KB |
MD5:
a9b56eacabcb51710ecae7312085b558
SHA1: 56b83d7666f6976325e18d9068a19789fa520ac3 SHA256: 70d446f374f75589b2423b06dadc22ebbe68c91271a13723c25e910fbe276e64 SSDeep: 24:v5g0GZxW0vuPy+3I4hPXapCbWziNDTVpxm8dUe3L54jV42u62xU7n2Wx:v6Zx9ZKI2QsciNHVPfdZAVLUQnh |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK | 10.00 MB |
MD5:
67b48049beda10ad696e396fef39d950
SHA1: 466a715a1de5dacb24e443458f0ab5d385a7ea5c SHA256: 54b82ab40de4ee022d1a67eb445edd900bca0db3861886170d9006947496e008 SSDeep: 196608:gRB/okUOs3EAel2YxWCqoM4ffR/uRVr8E7ejFul:gRB7daTCqSIGS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK | 2.61 KB |
MD5:
606d9eae079666f684b6a831d0cd4587
SHA1: 4b7ce3719cc26643d92970422e4e17a66e2e6db3 SHA256: 62dddfbb666dfd9546657bf8117bd9a8463898725e38e457ceb7f2ca62c92555 SSDeep: 48:RUVPnCJskIsh+MIj1KK1oIdsapcTw1j//XLY1KO9lInY47eVJp47Yh1KbNGWW:RUVqSk9hyNoWcTu29lIYseVI7SKbMWW |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK | 0.41 KB |
MD5:
27375307c83c8ec8b5ffa438309f5e5f
SHA1: 5a8407ff336a66dfbccca4955f43f4d4e48719ea SHA256: 785de662f63456fc1871a1f565342896fb0dc7e1bb73cbf97258689c1aadae60 SSDeep: 12:8z3teXxrf3BPUCbkg8Gi4NRpmB03+yGtV2/oViU:8C3UCbfi67mKgthkU |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK | 4.28 KB |
MD5:
f6b31d51048fed7ba59160a38d5e07e6
SHA1: 7b12ae7962727df8dc36db1939cf4500637f4342 SHA256: bd8b9742622f1d455a8175361be62d5e651e894e989589da1c39a6dbf1bb411d SSDeep: 96:wJ+rbeG7NnrU2esTbEE08bpfBsfC4zdNcYC6LglZvTL:wJ+PemnrU2/dIRZNPLAZ3 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK | 0.41 KB |
MD5:
16629377b5a94cdd9b3d98f037602052
SHA1: a9295a2d8bbf3457b89b4a3212453c76e9a85bbe SHA256: c0c667575364bf1358461875701582b6ade8262273b7c26f1e949527df415bae SSDeep: 12:ZRt9j079DuS2C8T11cp5TqUZXVj0GFHpvB1sIXmtY6AK:vtm7AC8hy/TPoGHpvDIll |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK | 5.55 KB |
MD5:
dc9d598ac7d385a1fbe0745d28b10d61
SHA1: c26524eb0d47124b922d4be871be1bf009940559 SHA256: 2b9af43c29a46b9f18639d6eea67f19421f9ea7ba52b5fd66d1ae8b5afa2e8f3 SSDeep: 96:ZPnmsSCRAjO+QvtkX/93WX6i6tVaAA+9diVXjdpoDcIi0+PzAJTMAQZH1:ZPmsSCL+0tkX/TVDAssdi4IiZkqn1 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK | 2.67 KB |
MD5:
dadcab4f2d62aa7dee9c6233bc3f2d7d
SHA1: 56b52f6528f03d00c9edb5818d349bd83fefff45 SHA256: 9e80b0b02bf184f8bd6bddd7ec897b0f90e37c8c5e74f42be53fe59164d934e2 SSDeep: 48:0wt2NEgBpV7J1DHhP6Ps+lai3ofCXmDlylni5T9sa6J+hY9Kv+g4atH+T:0k2NpptJ1DBPAN3o1RB6J+hiKvRDH+T |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK | 16.28 KB |
MD5:
15e51f38bb0b0f6f0ca4875de80557bf
SHA1: bd722b2bacf6e097889247e3d6fb478706aa4821 SHA256: b8df085680a67c24fe3064d71e51006c3bd496ebc60f74bfc20b9822bae75dd4 SSDeep: 384:dXevRGlbjc5Ft1qm1kIw/3EX4BQ5oO0n4XTfeENPuajfK3t9w8gr2U5uE/wj:iRGlbI5Ftcm12/AcQ5RNPuqK3t9lvQud |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK | 0.71 KB |
MD5:
ba64bdfddad8bf4721be2dc57fb77de0
SHA1: 1632cb63d65b095f74c1670484a7c026200f174e SHA256: 4bf14efd5818d594c0f88a4ee9da20a8a54b471a6a9fcb3f45632a6ba1330d53 SSDeep: 12:gTJTVMeaPQzbgv9Q6020kIsj6rqmn/YVst9QXF5SdMQSzfIIvfWndrO2:gVTVWPoa30P66rqxVPXF2SvfAJf |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK | 0.41 KB |
MD5:
3b7279680dd7a38b4bfcca2d70e7a812
SHA1: d82b3d5f831add1a7d203be79e46c3936df2bf7e SHA256: c837b1e0372246de6629150b345661b6d06fe8a65f73bc962c55e7e541dc98fd SSDeep: 12:uBCvzAVfoeyHLtyfwVNQPqTLFuZ5HiRgGMv:FvzAanZx0PyiYZY |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK | 8.28 KB |
MD5:
bc043d2fccc190d2d5c40efb060ee89d
SHA1: e81b38709f1b60e2e6f7a994afb90b2ccb94abac SHA256: da16e527e3633b6d6002454d115d6fa4d987d156a873b97c1b6d2f890825a3f9 SSDeep: 192:dwAiKg5tZoTN4fnExA2Ll12/o1vs2SZhiv:dE5DoG8532/WvsbZhM |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK | 1.35 KB |
MD5:
e2d8cf8a721eda3bbdc113e83015b6ae
SHA1: e8150d86de41d794e49366d8aa8eb897e37cbaa4 SHA256: 0282e9d247eaf1021f9324e1cfb84c4ebe24ae238395556bb87b5faff136ae42 SSDeep: 24:ZHKGIfEg8pAwq7RuZdfOt7ZT62nWHdgcM1FYqJgJ54lJ40vKRrQ:lKGIf/6q7RuZdfOt7ZWHdM16qJoUJ40F |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK | 0.41 KB |
MD5:
d1829709b2a4ca0746b5d8a5605360b0
SHA1: e54ef11845a1c45d8eea455070e275d37b241a90 SHA256: f53b785d1f9fbabd842eda7614949db17b478235ce4bb3f077b774b7e99a4f8e SSDeep: 6:9a5/GEjpDYMGz1YBsV6UaZCD1LK0VE93DEeeybyA+grIvB81gc/rMZb66CyBiB7N:45uwDYpJPaMRO0VE9z1V0gFKD2FxwW |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK | 1.27 KB |
MD5:
2537892918d7199c5da36c1080ba8156
SHA1: 595c192d66e4bd333fee720c1301bd4dff1baed0 SHA256: b25cd65acde02d8cfbb3c57d69fe7da963d5807138b6fbf808580d31daf4d8bc SSDeep: 24:F8DrxCyEX3f1DKj16VP4umufSMhgicfcqdlJiK+ojqcI8pQzx:mDrxpEXahqRhbMcqdlMKbj28pcx |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK | 2.64 KB |
MD5:
941435c209d1b2ce23836922fbf47ef5
SHA1: b9f9dd8f20bc6febeff1f0c89216ee61aadc24ef SHA256: 884cf1584b538e350a5ad025ec584bc77cecc569a65b31a37bf0178391e60504 SSDeep: 48:RWDHoQEXbJIeWaqAjV/RSh0RceJbbDrX67dWyuAzhWyPfVj2vmW++9YRtzq17a4L:aHojXkojV/RFJP6zuAEy3Vj2vmW14zqT |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK | 0.44 KB |
MD5:
901ce2745769f7d463250004ada87611
SHA1: 61567b2d05b770be674fbba0a1e51d9190b09387 SHA256: 21888eafef2ee35dc4f7a4006c7d2ea42d5dd84e7a210b0e9017455a4eb2b24c SSDeep: 6:mw/WlGntjCDnZz1VSaZJ/irSlL9pR4SDYujyWSZjqbz26n+fGdQab+eB7Yk+Vjpf:mECdz1oKkELlDFjyVZ5GtJV8BFPiiB |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK | 0.41 KB |
MD5:
a408a70a5d84c5d1775cf8ece49659cd
SHA1: 761936a12d8240187cb06a5c7a596e978ad897d4 SHA256: 15ecaf804ae42095f5479def1db9f9c93d48729b8fea7b8a57faf3898827f842 SSDeep: 6:iGJ9d+Dy7SAHRhJBeMUKLCyC3cSLB5sur6bDvrOEit85Gh0Ds+dXL6tD7EPIIeAA:L9dcyXJ7L+cS1yTbnXimchqWvDAohr |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK | 14.89 KB |
MD5:
4166a57d648b1ae6d93819ec7fcee4b3
SHA1: 20ac87c46d47750973eed98138cdc10a0e20b9d8 SHA256: 29d9f584cd15b229543fd2b520fdcee4aa5a4f019f69404f5a102e1bbb50f381 SSDeep: 384:BSDeLMjt3p3lpZsIwjm+msafWMCe9H/TgeQG:BSyIZLpuIya+MTRTUG |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK | 2.67 KB |
MD5:
b7be268e438942f1279a58ad96ca07a9
SHA1: 438b5da31a715de40197606bb1f50609e98eb439 SHA256: 9a1126a79526c97299abd89ad22a17c5bf3d6fca541f8da1bb075b0d8ee7c412 SSDeep: 48:jGrvctbfhF4rOsyeKmLUU/KfJlY8Jd5vsY2a9hV/UAAgnoEaP:jgv8bZFzeKmLUU/Kfk8Jd5vskT8AAhEY |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK | 0.64 KB |
MD5:
6e7ba2db7c4808a0a3b1ad8c91efa697
SHA1: 3f9d82a54cb8e4b7fdbd2de5d97073f68b28abd9 SHA256: aae9463e92bded0f9cbb98f8793215459f8a9dd9b2484563348157d36fc664c9 SSDeep: 12:EoCLD553ZI/QZH1cLRxT+FzgXaadXLGWTrcmUZhK1MkwBeFvMZTP2/o3YPn+gqdd:EoCDjpIIZePwcD5Ic1M3wQ1DPn6W |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK | 16.28 KB |
MD5:
074708ca4ffeac99b6d215fc149c2e8f
SHA1: dfa6daaa8286e24f8b99cf8842b7862e4ad00c67 SHA256: 1230a5659c9f3dc00daef3d86806526dbeef1c5a31cacfdd914fcc13eda29019 SSDeep: 384:LLqsUZ6Y3/hZvu62rIxCN+DlthSeCq31g0ikJr4ron:asLcPv928xkqltopOg10V |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK | 16.28 KB |
MD5:
6d0a9983a7cdf21f9dd78e820c5b3399
SHA1: 888d466efed748d160b61647ad126781d3130ab4 SHA256: 99fee1f76ee55272a24605715428a6e3b78ac5a969e695c484d104387f0128be SSDeep: 384:QRPAZVycdrj+d/Vps5QfqRaeFyump//2S+ouLgnwKobwzkhFb+:QR4ZVvrj+KWC89rN1obOO+ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK | 2.67 KB |
MD5:
fb16b0d4acc55850b0b577f266e77bdb
SHA1: a26e769058b0eff1274f3455832ddeb3d21dc605 SHA256: 200a55dabd137bbbc64d3b4b070b547fad2ae0dcbf53548ffd60391cbbb8935a SSDeep: 48:t7LyzxrxMxodnI5uAhryU53VugN4PKfRsLY4DFXzW3tdN4OnsPhXS7cUbPMQ1zGt:tXmxrTnI5uAhryU5sgNq4aE4DFwXiOn8 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK | 16.28 KB |
MD5:
4efc3f631fa0dd5b733e55c72b61682e
SHA1: f5c9e94c477f3b73f797b57c3ecd5ff91c5dc6a1 SHA256: 7fd7d67b9956145ad4ab5c8a194271bc1e9fd30ad4d9a80f3fc1f8fc7916259e SSDeep: 384:iBV5lO00Z1nxNs4vS7MQk/ROAv0R6HBQVJE+m3SttYgyj:QVrOflxNMfkZOAv0R6aTm3S0P |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK | 2.83 KB |
MD5:
d95dbdc7b04017dac69277df7bcb6934
SHA1: 0063c40724000b62c0b42b8996f65cc53706366f SHA256: ae40988eec27609522db4088af525cdae1a210ac33911c73a82e1af9b83c4d5d SSDeep: 48:vCQZveDNsmHbULbKZEJSkVCSxPRxLdz/jYPJbgaAw8g8nQVmmuaEQlVmS+dwF7m:vpRWmmQLiEJrVCSNrdzbYxb1A0cMm7aS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK | 2.69 KB |
MD5:
fba191943805071e529d043c5c9598ac
SHA1: cec304f4e94b4c1821d2aa5408b191ed8bdb55d3 SHA256: 1dae1e5f9ac0da32b2999d7e273056c3cb2877485904b27c224dc480b8320b94 SSDeep: 48:qVA+yvxqI1bbFJOMQdLuJEUqXLgHY8lA3i7ZUVBQpPdTLTrfYGDX7a9O:VxqI1bJYM2y4gHYsZUV2pVf/Y+UO |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK | 2.30 KB |
MD5:
ce96b3a4304ca2f0f3e7ca2fb06f7d7f
SHA1: 6f25ebd533de94dc550850ed2a7d1c8b73123a36 SHA256: 1c97619b06a54681c47c6ce1940f592d1cd97fda12cf6700a650b23b4af8bb8c SSDeep: 48:X8KaI1dboEpeZXOk7Ef6CTS0HlGj6e6u3nNXOARVCzYSz1zSP2h6FnD:I2q8eZXOk46CGAGjn64nsQUUSpzAhN |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK | 2.63 KB |
MD5:
2f467b4825348af8c098b49ae54fac18
SHA1: 5209fae69711fb4d28ba013feea0bc19ddbf36b5 SHA256: c7cba9d2b589203763fd354736c9b95abc6b9d5ea5d30d05ef7d0d710bf17bc5 SSDeep: 48:XVuGOhfjw+/I+qDVnxqVV5cjM9IrlfRg1o7dVsiWzcjSV8O265SfmZ17I4C3bUfp:XVWfjw+J+BkV5clrlaM3JOOO265SfmZr |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK | 16.28 KB |
MD5:
3f3e437904352274ee04e77806b073d1
SHA1: 478e9718fdfe416e122f4cac6ca800ed4f74ac23 SHA256: 18987e544c4f22c4364236bc961245864cba310b4cbdb49781d1f7f4ab84e8af SSDeep: 384:5ww4ZjkNq/bNrYYxGGgwgfE5UzurfsT2WV:5wwUjxtxOAUpHV |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK | 16.28 KB |
MD5:
b651be5e48f96a5b537116e7d102655f
SHA1: 4b6225a32cd2449317094501f6fba0c0c3484591 SHA256: 0b620bf3989e4b9579d1fa33e443b945abbcde73c55c6107ec27676c9a5af0c5 SSDeep: 384:jgZwUJsJ2jf2QhRzWC+x41RmvQujiGXMGG5aeTgX2Ne+kNlUj/hjn:jtUJ3jhRzWC+x41E1jjXzuaig8e+YUjd |
|
|
| C:\RyukReadMe.txt | 1.27 KB |
MD5:
4ee5735f110b12d65abf3fb84f42eb97
SHA1: ec3c3b5942616fc39c43155490a01b2e13536319 SHA256: a84edf098acb83ed0b28466ed43cd32cad85de31dbf313134c1fbce188d6ae81 SSDeep: 24:iVeUE1sLlHgPsoWIeTt2Ww4OFGdqvWDbbOyxGSConbildyspzRC9XYcGoDjn:xUE1sLBTwx1OvblglobsdxusoDj |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK | 0.72 KB |
MD5:
0c9911ab0d61cf15d56481bcbd1a3307
SHA1: 6535a9fa8ae53be7ef71745f44a2833e4387cf68 SHA256: f3a1eba5221cf634ae216246c1a23e898064cea32eed25397062273c4f308dbb SSDeep: 12:xVhgDQgjiDDyc0tNksm0rdxIduDYKCoV1w4xzkO2uJGcud9my2LqyN8ykPIubWHF:XhgHiDDyesHvrYKpw4xyrTmy2LqyN8yJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK | 2.36 KB |
MD5:
b5c56285c8098b635a5fe0ae1e624a8a
SHA1: f6d6b5c46482b27254f345af10e3125a9fd94e11 SHA256: d8e97b14831ab30f0d0a8462d65fc0f1c9584ffc22242b6e4606d4ace2ac1a08 SSDeep: 48:snVspFnMOCkXLn+BPjBSdx/mk74FaOZLW2ATCBc9IvylR4mmhKR1iUrTYffo:aVUFMqyjkt12AOB6Iv+ghAo0Yfg |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK | 2.64 KB |
MD5:
f6bdd77e459b382cbaee3c6d66326748
SHA1: c91915111ad17e78d239373178ae83153294de3f SHA256: 48fdb0fce2d2d0d2c8ee8354daecf442d2f89ab54a7512e048b0302e3ac8efe8 SSDeep: 48:kcxJX+BDREyjOOCec0DTLCfeJGlD8abwHMH8f8Vdulgk1mRV5zc+wPduiAAVc:kgXw9djOOCevDTIeJGlDN2MHwsKUzYdQ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK | 0.36 KB |
MD5:
d05f09df17049de669fd783e03219443
SHA1: 60a991dce4ee9fff81e0fe7900b4f2e2436b9dcf SHA256: c66deab773875f5deba7146a58d00912f458a3f59003f8fab978d5a4d2395d24 SSDeep: 6:56/+8HAFQq+L0Voifmz2t+cWz9IoPLnYeb2Vjseud1czDQ1eihlsFkgEBD/Lovgj:e+OAFQq+Lefc2xWz9REeb2VL+WMDh+Fe |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK | 0.44 KB |
MD5:
a0bbb0c1fc1c8cd7f5055792759560d9
SHA1: 8fee8af6a2e34f05ae569f51bd57ac266b3a8236 SHA256: 2df00c445644c90dbb5eb39058e9bd1310648181d632fc237a6cb4ec0c18aa25 SSDeep: 12:sqYEPvZzMeHTlzN6L7f1SwV02coc/fYZfb:sqVZzLHTqdF+Qb |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK | 784.33 KB |
MD5:
9ce5ca70571523db2aad14686621850f
SHA1: c4688e7054769426a96b6cb270478d3974484f50 SHA256: 3205b49de41b2e98eaa6872b03b48a5b689169f39b01dcb7bb4efb78fb4f429f SSDeep: 24576:zBULrNPYuFMlSsBSun2Z+/78Vd53xzdvx:zufNPYgVsAuZAv5hZvx |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK | 0.64 KB |
MD5:
bf25a28a556d74e7e41f07d8c9a6ac26
SHA1: bd8b0fb6ff90b8289650dcacb100620605bed23d SHA256: 3e1059ced26467b29d20073413477e69b7b30504c7fea76e06c16ad80d06a570 SSDeep: 12:nxnJNpKipgH3t5l96I5qVaK5gVuXhru6E9d/ZpQM7so8yiKmOqArKURsn:xNKqgXt796QmaogV2hrqWyAFArHRsn |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK | 0.41 KB |
MD5:
28370f29899258417c535969c5f94d6b
SHA1: 375d9e9bb71a8baf14b664da843a64cd46e66f41 SHA256: ef80b50a562a80f185729e24aa9842dc2269178ecf850bc91f00de67c5115f29 SSDeep: 12:jEMfObfUmoP9eIEHm9N2PVmjYG8hVVwy7z3KN8MBon+:30f/oVe09NiGYpJ5X6m1+ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK | 1.38 KB |
MD5:
5d710f6cc567da3fe7073422b1cd0274
SHA1: c7e8ae725989ef735acd24f28b9232c81b301a12 SHA256: e2de02c161dfc02799d0ca4b3198c2abaa2d5f969713cd961068057369003c1c SSDeep: 24:3Pgso61eGvndu1fLpGyLiYafZikkHZ6obh/xA2BxStQntJP3Z6caHJ7yLAbQeF:34t8eG+GNVik0Z6oVxFSSt1wcaELA0eF |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK | 16.28 KB |
MD5:
c760fa2416902fd7f67fe56aa9a7a49c
SHA1: 43050ecd961def482a8fbf18a7078c0737f5c933 SHA256: 1ee55f16e0bfc150370cb2831ecc14be22114fd4af76e3cc1a0a0ed52576c606 SSDeep: 384:ZderXfZXaUCCCB128lWgtuvcRxaC9fcl/u2LkxdfNZX5Iez2SJS:ZsrBXaHvH5tXDaCg/u2LkxdzDz2SJS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK | 0.41 KB |
MD5:
3ee75fad0c5a50aa6673412f0a81eff8
SHA1: bde87006ea9ca2d809a5021b22b98920b4f2f22a SHA256: 2e120b317376c514bf45e3010b72f1b3089f7e064d84cce52bb7d883a1d8dd90 SSDeep: 12:I+19BSHo1EWIFrJkwOB2hn2/xJGy0t26k0:D19BSHwSFCwTAL0tg0 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK | 1.44 KB |
MD5:
7478b15cb951e611c0a970591dba315a
SHA1: bac1b0aae083ff428c99fa1a3406f3b236feb849 SHA256: 3c837c37574ef673c2647ab292c3eec5a6497840846c22b8d3188a891f5e1c21 SSDeep: 24:7w6Zfec5or4NjxSZuqMiHcU6vcQ7d9VzbMGHBTXKWkIinwu19pqUnUcmCwHvN48Q:dEc5GQxSQqMi8dZ/oGHBTKx19YUUlCq2 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK | 2.81 KB |
MD5:
705efdc9771d2bd0d19ba721bdadebf2
SHA1: e6675d7a96b6a447b4f1c7308b38838783256d0f SHA256: 4d58bd80f77bc68f1600c07f44c9615a5819ad092c5b19888ad6fb99ce78824c SSDeep: 48:NGVAhKj4xwavgw1Vs8W67Vk0kxxQ01LhVTPOFnr70pIw1w5j/axJ920V3fj9tbm:NGVUO81Vs8WL0kxxV1LhdSr7ijqQTvJ+ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK | 0.50 KB |
MD5:
9c47b5cde8f9e28be4a740089f1b083f
SHA1: 165045769f51e8f467e43a6ca75bfe7ee3105679 SHA256: da2ba656f7833954f918ad6aaeb32dbcc5d78ce231123284f4fcf22e158c1ed2 SSDeep: 12:y//BlHQI3J78oGYB0eA5WDtm9p+UMVoJWAhTPfxQyn:y3fQIyoGA0ZU3ozhTPfuy |
|
|
| c:\programdata\microsoft\user account pictures\user-192.png | 2.63 KB |
MD5:
dfa369344e4a7a05735aaa2ad709a97a
SHA1: e57e85d968a9f704e33fd3399c94dd25810662f8 SHA256: 3678ed28c5e1b1270c84e409a46ccbe124b305966c74e8fb7a33ea19728a913b SSDeep: 48:MS6TLXm4OdtEAWzJ+ox7Ih7K9/BuMvAs785tNOg0e6+1V2e7tWNfRRGT5diPBnW+:Gy4cEA2J+ox7OuHvTjg0e6i7gJMT5dGJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK | 16.28 KB |
MD5:
f08c07acdf770160ca9f24c77c46e8da
SHA1: 363e7f1d324dda6795eeb26255a5697d4a7fce15 SHA256: a9f1ea4fd455e0fa88029415fcd4edd345bef642ea3fef66bf8917f5809b22f9 SSDeep: 384:s1pnf/AVdidGjwRvm+IFKZSEbhJeVLHY61kvart6:sr/AGe3+IFK4Ene9Y6NA |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK | 0.41 KB |
MD5:
df20b92bbb6bfc735721dcc202a97d05
SHA1: 5c8b2d41c6f80208b26a9171f910b0b6162822c4 SHA256: bc67fa908195648ef28379fbff26d64b4a4ca7acf16e44633838cfae1edf8a8e SSDeep: 12:bwR88lq998WCOVVCnEPUq4FmUwQwnN+9OQL:si8EfNCAVCEP0UQI+9Ow |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK | 16.28 KB |
MD5:
2e9546f59fa8e2e7068e9b169470bb4e
SHA1: 188bb513f61311c33d6b8926603b4d7aadac3a73 SHA256: 3ede06be15faaeb8613d1752b35be5daffdb2ee236471f12eedf64cc300193b2 SSDeep: 384:4eUmc9XPKyJX7Z/9XLtKKyXIAhJZ7mWpTozEh+E/SN:THIfKyVZ/rKQA3ZPpTo4XSN |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK | 0.41 KB |
MD5:
fa647246742b6fb361b947d4d1ed9ac8
SHA1: c3fd00b0df0d9530f5d3d9b8517a64f8c7b51a94 SHA256: d19c17be36894b07ad9415b2581ca43000ce5e1a0fcd387a405a60760931efbd SSDeep: 12:sSNQsyyB/WRzIY5bqdl8pPIjZlPObdr7nO:vSyZWR/bq0hIjPObN7nO |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK | 0.30 KB |
MD5:
b79cd319abcfad5d60a1dc4b903823b6
SHA1: cde312aa1b5a9836b2373c6e34e742ec5409c3cf SHA256: a5f6f84922289275196933e3345d4f69d8d9df304d8438c530dc55ab79e47386 SSDeep: 6:lzVGCN2VFob1J7ArZ26zxONWh5zXO2weCRDXvM9NFzYb46piuxLd2N5rI:GFK0ZLzxONQjOLXveC00JxB2U |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK | 2.67 KB |
MD5:
72be97604257b58fb66ab9525a6f2b51
SHA1: 2096842f536df27d69cf807adf3a343a0e36b507 SHA256: 6e6495c7e17eab179215f3ae9c70e73634a17887951325ec8e9d32fe86f5d2a1 SSDeep: 48:OvkeMHdDPH3QhT9eU9plbhBuapuEtas6pSQ/wfls28bPdsidlPbsT:OMvR3qBeWlbPuuuka5Jofls28bPPlPoT |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK | 2.33 KB |
MD5:
ae21b145423e4a72054dc2fe48091838
SHA1: 04315b5a689e7a7301070f80154fd18c36ba257f SHA256: c8149696df480f7730c0415e829b842a478ce727e0b6d30fabf51efd834226ba SSDeep: 48:GnJSlAFIrX6okiFE0BSWXdodDWsJsJ0d4o7mLws3FoYjHtMMz:jl43Bli9tE/JP4o6YYj1 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK | 1.41 KB |
MD5:
999121f24b5ad6557232561d9f68e286
SHA1: e35e797667966668d24bed814a557b5426d16bd5 SHA256: 2cb77e768fafeb44f9146dd66c6c0d0a76044a6ed130fd53ed0cc9b676e455b0 SSDeep: 24:4qYXn1wZHEE+jw7oKeeMysw4baahpRlESFITckXSuBGzcNQD12ptN9lpVvt+:4qYXIHLCwMKdZswiaatlESFIh7GzGqsE |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK | 2.67 KB |
MD5:
29d63779dc91fc4b7da0cc5ec414c451
SHA1: 67eb0245d688cff8edde5a5bba60bb322000e595 SHA256: fb72290f73d7d13f4e011f35ae9b48884d5c0b485fb2ce7a531e968546b3c58d SSDeep: 48:j4wjErpmG4PSKbc7OJXjFLtKljWLPLmafyFGSgFqgf6IgVhEy1Ufp6zfgWU:j4wAVUPDbc7YKlaDL3fSGS+IIgV3kpqM |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK | 0.46 KB |
MD5:
0fad7dbe16d35ff9d91f34c8d4e45a3e
SHA1: 9b4385b9b72ea52b194bba5d893b6c5d9c0ed8c1 SHA256: 6e03ce055d9e7aa7eb57a561d6a08988a3d6a11d66bea7d01a6d135181d5c9ab SSDeep: 12:EY9UdKd2qemYxzwz7pSQqOto+ebC80fZVPEJlcF44QZ:EyUIgq7fqOve/0BVtZA |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK | 0.67 KB |
MD5:
2a8cd5721de9cdac4494ca0631e10845
SHA1: fc6d47fd3449af027cf15109d421c1f21022b3b2 SHA256: b1676ef87b0270c77d1fab4c406fd3b6d7a7a64d7e8b713d2931e3d45fd7ece9 SSDeep: 12:VoMqgcVTvUZ1oznCK6s85ATGNXpUPh5eP7jpL+VHMP8QCjWOkf4+F68wyb:mr5sZubCaIaIXpuh5eP/BGHMjQG4+FgS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK | 0.41 KB |
MD5:
7d9258757d557b3ca1cf8038c8610ad8
SHA1: 6596abe6eb6766569797f891c94d65584b6cd63e SHA256: 968b160d810d5b98a85b3c8b43676b9a24b75bd9d42080de395d33a5e88e4934 SSDeep: 6:rAOqF4IoHLJM0toQsp3327h04ms7CwfhLGSrBfjyeBAyEGH9Nw8TTTAkd8PZL+eX:cOtrJBtvuaBJN/Eg9pWPR+eVwY+zTy |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK | 0.41 KB |
MD5:
625afda9892eb294c1a9749144e8e5fa
SHA1: 42607b0769f644e507598cd115be583b32e5c160 SHA256: ef9457a1a97ebe77f6a483e2c7c57c86d3dc77f471233b6a02f0a474d1fc19e2 SSDeep: 12:mmqbUxZATwce08mkRsGXzWX9jhsvqUNeCBI23CS:m/hTD+HJeCm8CS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK | 0.41 KB |
MD5:
35db5be44bfafafcd428039d08beb63c
SHA1: 8032e4f39b9f8925ca9a4f8c51156e2152a343a8 SHA256: f756ea8179facc9e7bdeb6ce456e528e481c65f4738e8421fc5258f0d18d54d2 SSDeep: 6:AhvYpHW2hyWTY8Ofzd3FqnzgIIhXmwobPtChAODLYPaGQ6VhwJvuRVnluyaP+J3z:AJYppYDfzdVczTIowyeRXHGv0h4roel |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK | 0.46 KB |
MD5:
df47c7f823fc9204c6c41487f741005e
SHA1: 059729407d5114fd89dad5df746986cfd44c5478 SHA256: d35b0fb34beb249c8651df396b94c78b4c1c2898a2721a3add68170d634b69e1 SSDeep: 6:4LSav4VQvk+TC/ajxAqo9o2RGQ9nu5h9q99fOC6BKaabCKOlcY53sm3A381/P:Evxk2DxVo9o1Yn+h9q9tOZt9ym3AM13 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK | 8.28 KB |
MD5:
5953cf626150923e94a99bb251db096f
SHA1: 6caf880d50c7bb27b96a34b1de0c2ab82e12baab SHA256: f3d81bef59ff3af4a2be802bb006c5959609b17a4cc6cc4cae41459630deca52 SSDeep: 192:WqlFIILvsI3IcaZfD2ZPlvlrYHOv7IAlTOP:7fIIgI3I1ZfDSPlvSOM+TK |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK | 2.67 KB |
MD5:
71e954f49812a366e994a0390fa81b1e
SHA1: 25f9dabc7a7f2872b9ca5b1467253b7b50649105 SHA256: 9e1b491ceb889cbbbeff500c90fb58bcff571ef6b2a540f3b9e7f89695dda24b SSDeep: 48://kIYyLK6zyNkM7yUZIYIUokr3iyKZuhRXb5KP+THktowh+nhvibCxMeN00kZczD:/RYziEyUZIuokr3BKZS8sHOdh+nS+RWW |
|
|
| c:\programdata\microsoft\windows defender\scans\history\mput\mputhistory\15\288 | 0.41 KB |
MD5:
392f1b4635b6d3ab3b2c4a3fa467afa4
SHA1: c54550aa798d3b9081ed416cd88f3ce9a6ad3e30 SHA256: 5d2db654fe01f380ec3ee7d9350602b4e2350793a5d5ce8f65bf0a608f00bc28 SSDeep: 12:Ha6eypeQhUtCU/J6pg3wzzIkRbT3zyOK58w2mZicIn:Xey5+CUsI0uOKJ2msHn |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK | 0.41 KB |
MD5:
595223669a0c8b13c845bb5615578ba1
SHA1: de57cc02dcdce85aefb3e6812cc568965711da92 SHA256: 39b604a72995f186c4522b8475c7caa795574cf60d35525e63c0e4bb79a6aa6a SSDeep: 6:qEIOqdku3zjtNWiXVwyZW+MLSxaq7651ziwDmAiY2hG0ZAoPOXXDrvChEykXj7pa:PYSqzLWrScsWRLTnIAKhGbvmIBANhSS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK | 16.28 KB |
MD5:
bee95e37d1d1207094e7bc8fbc4e615d
SHA1: ccaa75ec1a439e07ac3b2344695bda2eb8018299 SHA256: 363bc7f727273c56ea5938e6dc093f3a81e33df8787b4faa0acc294a0a15ba87 SSDeep: 384:/Xh1L8JFvBrn3rY0dBN2Bhp+WBandKoyUot:vUzbLZ2PpR40ohot |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK | 0.41 KB |
MD5:
0a829fdf530f48b23e78593aafc0e46d
SHA1: a6fa919d2f13f77b996b3ab26bbdfb102baa52a8 SHA256: 4b3e1b451abd77648a51bfb4ed4dde06432ea297ccd1df150f2bf02fcf82bfbf SSDeep: 6:UKeCsFy1jzHbtQNNaqwObEqkpy4AR5xCE0xVo3OGZeh/1KauesHyz+A:UKeC317+NNaMh34A/xCdxe3pZc/1BLj |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK | 14.89 KB |
MD5:
7e8342a691ced2bd8e17aa5d87f7b50d
SHA1: 90d9caba4a89c196b1dd9c4f99526aea19a72c89 SHA256: d8dca38d5b5dce2b301da7acd9fe3075c6eb74548e2507f796321f1461094efc SSDeep: 384:xqUSPbw/fAe8x6UZFBjT31/FWmgk0HZ4ayyay7W+UEVy:zdfATBjT31w0Ly7SEk |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK | 2.38 KB |
MD5:
014ccd9ea90832b718c4d36582e83d2c
SHA1: 733ef3afef366cf2a2ae09debfc4fab27bc68a83 SHA256: 8095e1179a41ed8824da9ac2fdaceb80d7ce43a0250ec9e201af6e8a229bdc02 SSDeep: 48:vS8+M46PFNG9OvE5kGgnkZs9KJR69K/QDzbekD7P0cLEHSY:vD+wtEQv+snkK92R6dbekH/Y |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK | 0.41 KB |
MD5:
9260ee84cdd948a7f0a616e239a7fce4
SHA1: 090ecd365ce9e3070e5711484deb32f2b5fa2b54 SHA256: f8f033a3b676a5b81bcb148c7ae3c0dd424edd6f4b21b6cb4b4bcf22402f4c28 SSDeep: 12:HQMLjQvKBo3LOsld8NRUDgall+6j2JdlE:wMzBo3LOZ3UDgI+6GdO |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK | 16.28 KB |
MD5:
a83e23a51ef16db4bbb813f7ec7be29f
SHA1: 696b6d2c3ad500ba59e4b2e379e5bc3c6d222316 SHA256: 7e7947dc49421199a2f630c15a18eecb7ebeb35fb5065b541ae54265b9eebaf9 SSDeep: 384:vu5Esc/IREC+IiMvL/jP+rOykJR9EM0PSPMFDjfQ:vu5cmDiMrD+rOyuRKMmSz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK | 2.39 KB |
MD5:
5251638440810f45dbd987be0874e715
SHA1: a6f45667b8fee7cb676d637abd0326b9bf20617e SHA256: d00886f46f8030aea9b94c5832c7c4dca66b38a2b31f5368d87da687ecb98c30 SSDeep: 48:6R3Liso0kcGRbKWU7NJuuaHzxM+HkYcx1F05SIVSyKUYhza/ZTW:U3LBo0kcSKndaHzdHkYcj0SUbKUOd |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK | 0.41 KB |
MD5:
dcb79fd22992132709451cad76f83b93
SHA1: 55d150bb9df3c94bca510132c127672586b3b86a SHA256: f4b6b54f8dfaf44b8de7f2592bbf5e8dab37523b2f4fddf3f698e7bc79201caf SSDeep: 6:D680DfR03rsbyn1kZU0wv4nHgV+rypvTqfBNQBV239APAqIArH9X1jte5JMcf8fR:DXAby1IVwv4HCnRIQj2t47HY5JMcWj |
|
|
| c:\programdata\microsoft\windows defender\scans\history\mput\mputhistory\22\323 | 0.41 KB |
MD5:
bf75632b64bc8a10eecece74e0596571
SHA1: e43a6d06aaabbc77a316a16f64de97652b5e5c07 SHA256: 750cac35c9f3273cf1371fb226b0212cd1f5828784a6f310a284006aaa321fa0 SSDeep: 12:GbpIxwkBShYWA95D3hC+aFs1IJroGR6xhI1zjEwn:MpIxdBhWu34r2QrXR6xhyjEw |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK | 2.35 KB |
MD5:
13997acab674989f0de606ceaaca2278
SHA1: 6994a9a64afc8a31a15d818038f658d901aaeaab SHA256: 4f2cd40196b3f48826a238dbc495e302d72d64d7ababe959f0e3611e99b80b20 SSDeep: 48:AQovPJDhxOMc/KthEogJ+F8yhW5gfL39TwSQLBLRn8oTQHM6IBL52HjxZ:DuPJeMcShngJ0pkZBLy+R52DxZ |
|
|
| c:\programdata\adobe\arm\reader_17.012.20098\acrordrdcupd1800920044_incr.msp | 10.00 MB |
MD5:
095faa39cdbe7478a562659e7d585492
SHA1: 0e54bd2bb6b536cd3ef852f7006e905f3f90f7c9 SHA256: ebe6a8e7c91a602f8154f257a71838acaa19fe8417516a43ac997ed186f1ab02 SSDeep: 196608:gRBx+kUOs3EAel2YxWCqoM4ffR/uRVr8E7ejFul:gRBx1daTCqSIGS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK | 16.28 KB |
MD5:
6781944f1fc1fc62a0b9cce2c3922864
SHA1: ae9e3a725e52644cefb9d2592dacca5700a664e4 SHA256: fa23639146abd1c65d8357ba957584162b587cccc40533362047de97e206089a SSDeep: 384:VfARKfvnLsr5tvjFwxZ1GetLj5+/yw5WZNAuT42JXa:VozvjFwxKeNj0WZ9Ja |
|
|
| C:\Boot\BOOTSTAT.DAT | 64.28 KB |
MD5:
6e48e19e0886eac333612fa2e99f8023
SHA1: 96744f7909303af9090ae47a76e41edb03a731f3 SHA256: 1c3e1dea59ece439a1f2017398c10fab8e8f51184eeaedfdbd52d02e8d707ea8 SSDeep: 1536:/Ps0yoopRFvUp+xsfYQ2qJgcm7/vIZnyyaT6MZrYo9/w1B2G96:/PlyjpRep+xamum7/Kny5JrYo9/w1gGc |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK | 0.39 KB |
MD5:
1e86e8aa2affb4c523ce95f39c9d2855
SHA1: cf53a76a7211c628fe60b7f289a2053a09cef88c SHA256: b8db1b7e17f7156f35cb6dc88ca77bbbe45beb9852fc95490533d5f1ca999abe SSDeep: 12:V2pgt1zfkfxrmwx58BYrewOQ8cV0v6feJ:V26vkfJmwx58BYrebQNV0SmJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK | 0.41 KB |
MD5:
e314d471f98f73d3dd62604fd7ddfea7
SHA1: 07a672f364fbfec5bfe242809b3ef3c3797ad25d SHA256: 90a84369b8725eddd2afe281a8c8116dd380f8aa68212f1c690a5aaf99a49211 SSDeep: 12:RwLsgboYR4RETdYRKRvvnMYLCOuji9wdT+HfhX5YG:nYoYjxMY8ji6dT+HJX59 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK | 0.41 KB |
MD5:
383e19bbe28ec72d76dde73a8bb641cb
SHA1: a6f630ab949f154ed50a3d7147b9a6dc7da9b171 SHA256: cf26a515eaa16318193585cbb373e2c3c266ae05ae0181f548f003de357750ef SSDeep: 6:woMHcauxOjxtV1E8JXAe6iUh/vl5U0rJJ5RfXzK2H3lfl7YN6Ng4Uo/REjdshn:w7HcauoLE41G/E+JDfvIN8U2qjdg |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK | 0.64 KB |
MD5:
436ab3304d8b873d810cc87057a97c05
SHA1: 05f6b9f01c402869b793ab3f763081f946ec4bf7 SHA256: 59df6f424a8cdaabc43aef5c28e73bb299cd830d20d908c8d078a23acdc3b858 SSDeep: 12:zHr76evBqISHraS41AJILK7KgRwRVYbPRtaONBTShCBcAVQlRR9F+KfTaHPpgZ:zL76eZ+b4dkPO25SYBccOfF+Kf0BgZ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK | 0.41 KB |
MD5:
6252d44a67eaaf5eca31a1d22919028f
SHA1: 5bbf03ce8df9b0e0def8a93c8800accd792296ab SHA256: c10ab43bfd38609d3fb70c89eab79a111dd4f677157655bceb83bd8c32a20e58 SSDeep: 12:W1h4LueGbPHiYwzKarTobMRTE2SVGZj4yDee5CVM:WUw/iLzKKIYg2jZMs |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK | 2.42 KB |
MD5:
a5b81558735503a12d07bd4949d9b1f7
SHA1: e72155f9431cdcb586ca672b21663e461670c876 SHA256: 62d70b204ac256e00c6339fa6b6ca078b27fa407525302497f823a00b3c0552d SSDeep: 48:4G5pKEXbbSGTyOi1Iung/y5DdGT5w7vjxvWwhNfnko8+rDEnb5OGBeoGRs:3f9beGOruymFw/xvWindr0eoGRs |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK | 2.63 KB |
MD5:
b6b9667135c28867eb8b0d9a2c9ab082
SHA1: 5ef46b9ab8a2170cc4feda092c44603292b066af SHA256: 719637be00b991ef67e482e4e3faa3e9217b5c9b497d12cf3e227adb024fea9f SSDeep: 48:7HLbw8dvrzF2bfYqUQbMWHAqwABx4/dEbE6OBDNPLF:73bzKRbMmNz4lEbE6QPJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK | 0.44 KB |
MD5:
1bbf85bf8d80c2707dfd86e9f5eac340
SHA1: 1a2407f6fb7f0f72dca03c83ed47e66be37a402c SHA256: c597c78f930b4cae6aa4e00bb028fc4e39bce28b81fbae5f67e1227aa8868137 SSDeep: 12:pkt8bIySXrnqUsP00Q+dRwK7iolCgoDHNwm0Yk:Otdt7ncPK+dRw8iiC3imhk |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK | 2.42 KB |
MD5:
460b5756adfb11ad91290019d7c1050b
SHA1: 605fc04caf74984986e4104ed56997be6da76b94 SHA256: 63949ca75f9496dbf6e36d8d646639ef4a61018f5db1b7e76c86a244d275c9c1 SSDeep: 48:eABwLVZBoeAQ4o9eYswZ9RX+U2hCb1YKmyFMdmxpP3SwKfQYmh6:ejLieCJYpUhCB4kMy9SwKfx3 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK | 0.44 KB |
MD5:
c1904bbc4d16c09d11924eec6ce70159
SHA1: 3df3b3c384159984af846493892fc3c368b02bed SHA256: e6d1d9c5d642717fc39bd29a10070a5ea2a32109f3e99d339f8bebb6875d05aa SSDeep: 12:B0KWp4vtYY5t3gMbIWNAJxwDTg+frCkWwX3vie23ao:B7lYK3gXWNAJxwDLRnviBF |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK | 2.64 KB |
MD5:
882485d5140949b615c2aa5551972e77
SHA1: 3b358194f72983f6fbcda7c87a854fce3b7dcda9 SHA256: 479af70faa130cc183e5fbc3abf1e2951f6cfb470d9d047077cbe74016239eda SSDeep: 48:UTY++U56QgqR6qovknK33pxNgE0lCbzkmxAE48g52Dlmw+QJ093KWpf/2sipsthV:I+6RgqR6qg33pbg9Yb45J8g5pxQJnWp3 |
|
|
| C:\BOOTSECT.BAK | 8.28 KB |
MD5:
420177e81b5d588254cb266ff886e1b6
SHA1: 21a11f7e5586462e204ba1bac51511f4d7f68e02 SHA256: d7abf249fafefeb95f7d3ef44b02210c202e3b5e6f8642cbe099c5a57dc44297 SSDeep: 192:d8oNqu7YEaBXDkJbaUCm8XQQNvuk447dsMnIekdR4fN3Hl+:d8GKXXabL5XTk2XdR4l1+ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK | 1.38 KB |
MD5:
ea6864908039f3431e4985cdb1021391
SHA1: e1acef49ca309d0bf57527b33bf05769e873be9d SHA256: c9af767c3aad9c814851f8209575aa2945883950e90500669a588a8a042a9e35 SSDeep: 24:VLg/Qh1HKfqxmAOVaADXuc+GTDzVuyfwGLaYG+jGhMKb6H3uxnqz3dK4aan:VLlhNccmrcc+G/ZFfwGRDMMKOHb384aa |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK | 16.28 KB |
MD5:
4e94a77c32a6fa69aeae9117f51aff50
SHA1: ec61c1011cac1d4f883fb43767f348304905f035 SHA256: 3692c69afa0e608afc2b12f2bb7d16f8807b82bac1320adf7c9d6edfa64e40f5 SSDeep: 384:gSci3EiEYvomaxtBwuEFdLrTRguU/rnrRPKTtBGEf:OUEishtBwueHTeuU/LrZKTr |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK | 2.63 KB |
MD5:
b035e1fc1b2341401b6e04f7e6591917
SHA1: 7fa2e5d60b8c0be47f46fb6af06f9352c60e542f SHA256: f9ae7548a61e0d74e9a2948b7a1da2aee21ce88dd5b605608c5402d6eb967bcb SSDeep: 48:q1zuVuHKK8KxccmcgB0AJq6ZPRAa3+3EAQpZ5nfcY1E+VbBTMn5a/LK5o+4D:JK8KcvN9YeSi5fcN+Vb6n5aO5ED |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK | 1.42 KB |
MD5:
320b22529433a6193057ed03798ad8be
SHA1: 4893b176a35de20b609e5d8ddeffe46d2e21c05b SHA256: 1243c4b127e6d4c92a46d1e80f86fa9cec7daa5b3b26dfd7476f100af61b96be SSDeep: 24:/NyuhwQkRosswB3vpS9lMfRqu9T6L+cFZDzysQzAzcSexgvq8VFWN8RQn:IuhkRBB3vpHfk2TI+cFZDzLzcSchke8s |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK | 2.21 KB |
MD5:
e22e9bcbb84cdb870fb9393ad63c76f1
SHA1: 45a1da6119648b4083bbcfea2bcc46f1c15199a2 SHA256: 16a843994e9d30634d7c18db3fd6e4cddeb6f64fbba8372e0330b82654c2c8d6 SSDeep: 48:bhcJh3hCTa+lgk06nCmv9eaHh+e5lzWbDp/WshXq64bzti/izX/bVXWtx+:NcrIFyk06CfaHhN5Wl9h6g/K5XWH+ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK | 784.33 KB |
MD5:
b582be723b9100ce350ea13bcab06cc3
SHA1: 6666cd59eb1e66d9a754b7ba499134576fd4d9f9 SHA256: e59dcdca51aac31b2d48d93eebbb50013e8e304a48e61a8141384b0d0c508bb7 SSDeep: 12288:yfh8rkzA3pMHAWYWCLCg8An5LZ8Nz7NJUo4z4y0ApKaV75oh06T2bPU/QcCj1Zk:yZW13SHApW4CC2rlNM75E06TaU/fys |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK | 10.00 MB |
MD5:
93eff481a09d4743c4672188709ec76a
SHA1: 484a1b7a9096b48e9535fde293abda11f4845dd8 SHA256: 118d6d609e83e7e53c91c8d330d36d6031a48861577d150c83e9469bd05ee1c3 SSDeep: 196608:VyqECAMrm/WyvONqviB7JzEShAmGmuHUeTLrbhN8+TEhJ9WuOKlj9vQy267V:VyrCAvfYlEKAmIXhNm3bYy26R |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK | 0.41 KB |
MD5:
763e562185d7c950e6617074577d3b95
SHA1: 5de138ae8292333d5260e6a62ab84052c62fa512 SHA256: 5692c6faa62cd0425ee575f58abd36b62569504c326760e8643cab015eadd704 SSDeep: 12:A7P4VJWC4qN4yTY4Yz+xUYOpE785KnPEu5RKydpn:2zqN4L4YzfpE78YE8g+p |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK | 2.64 KB |
MD5:
af51e5c3923d9dfdaa409c2049dd09a6
SHA1: 822328de07965db94a1ad38b63602c0d6a8ad34b SHA256: 7566c90f9c5813731bd755cf31fac034234090f1f501675f3c3402c8284baace SSDeep: 48:erAKwc/gwGg9JZPmDuLyq4vH/kvjCknr0VysZxO29+d56LnvnbQFlQ:erAvuJZuDuLyq4fabr0V7x3i1K |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK | 16.28 KB |
MD5:
250ebbb180089ffe82a7d8d8332e1393
SHA1: e53687e5f9f16eacc718400d6c68679a60b50e0c SHA256: a904f9e3309e8a0b79aaf49f54edba3d9a2d2463e50034918061ed0b1bad7792 SSDeep: 384:pjQhjDEBNY0OMM/GoOb5vHoa9bfXf23WXUq54HtZAN0/O:pjQhjDEBNYR/cdIKfZ4NZANb |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK | 0.41 KB |
MD5:
bebf2e1d1628deeb22e503fd69220559
SHA1: 1826de8c220a6ca570af750007398f483fa6d562 SHA256: 9a0230141548f028833273c11743239c2cb009607f1670aa149a472d62bcacfc SSDeep: 6:y4Dok4SjvGAtQWzAQ62W/1p3P1lAoiqzMOGwF/RBFCgtAnnUEVQRH8rxcMh6Y:KkJuAtvEn2WL3PLNiqIO9ttQcH8uMhz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK | 1.83 KB |
MD5:
724ca372ad76045d8eb691d86a572f7a
SHA1: 0ff2396fb1e061644f4513e1ae372b108440e1ac SHA256: cb1d21ab8b7cc44734050cd0b31da71d38e9895ef0ab57ce6f8e4e458c3c3bbc SSDeep: 48:12A83U+By1+g7DzVW4UscZVidXGXNMin2VDys9+E:YA83ULH7c4U8dX4cDyK+E |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK | 0.36 KB |
MD5:
a1d1fafaec278573ecc7f9cc093355b4
SHA1: 0af3aad604c45d2cf92fe536b961979893ff36b2 SHA256: 2b316436037a037682cf785efa40c873d0239b6507569a1d27117e62a0b07ed0 SSDeep: 6:/qmphipA8rswauva8eBhqePTcLXxM3wK726aOnOKZ4mKGQ0poeR7jRp:CiYfaga7qeLcLqwqJaIF4j0mU7tp |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK | 0.71 KB |
MD5:
ba4412afe06b8bbc5711659b477cbabc
SHA1: 2e098b05d53c4f7c6955c7abe1fb0370bc611689 SHA256: 74c8c637b42ec53b4f4c4f5a3e4ab7104808fa7ca1be1873ae0fcc278daed0de SSDeep: 12:OnNP4gi4SQ4paBomdWlLdMEBalFtOKopOTa1QQtq2XoPC3jiqzev+DXdVQm9jGgT:Iggi44pa/MgtOKcS2YC3xzfRjGI |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK | 5.55 KB |
MD5:
2193c8a35256f069edd30c168f882211
SHA1: b585205867c7bc5a86c26011b6f7fe7d3dbe5d31 SHA256: a2d0f37cba94fde01e8db6f5a453f8fe425aac9e82311d2ba943b180c75a4682 SSDeep: 96:HDTpWv9kY8+mF9cS2DSB0/CnrhBhspmMuVJJl2GgNkIbXOltkTZhTYHmFFuxa085:HDTpWKYX1c0/CrhBhz5VJJyuIbefy+HC |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK | 2.42 KB |
MD5:
723a04b937a22ae937a4f92788dd5f88
SHA1: 969ec4dc06a785629c3307bd88b884c9acec1473 SHA256: 5efeb4844f7cc8a9b18af6a23682b0413c3a7ed949a6818e5a73ac56328509ca SSDeep: 48:36qnNaULR1PZ3tw216vLE4FHLvsRsvB0IYIk+4l6dPIXvYrkJ/Af:36qn4cfRcvA4FHDskBhkJgQfx2f |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK | 0.41 KB |
MD5:
2a0f1f959acd44c21da32738675d22b5
SHA1: 8502d47a433b993e4e1f4a37329c9ea4b448e1ea SHA256: 29c12ccc1e8de10cd97f8b15258406345315228ac4625b2fd784d5b0b9b37ba3 SSDeep: 6:zxlgbSX3xtuIuWEGFDG8wsG6RS3ob+AXUomCDGUf9gXpPKHOolD7wv3Oecx7hDBi:EGuIuWEGhFb+AXHyUf9ghKHOIQcxdDUD |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK | 1.60 KB |
MD5:
b4e7af78e4ed074999348fca4d337ab8
SHA1: 43662accdead9d3602c6ffe8c37d4ab0d37cbc45 SHA256: d1bd1c9e94e56824362ed879fb1c0a2e8ca7e01c6e61c19abc3780bdbf947072 SSDeep: 48:e4ml51gPb6jjZXUxeVahWm8i3ytuWNSOv7Neh2+k:eQ4jZXseMj3cuMDokX |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK | 0.41 KB |
MD5:
7f87e4922997c836ab1244fe624a6a62
SHA1: 66c115f1ea6131e52bce53fc8f739f51ddc5bbc7 SHA256: 29e521d1118f16937511bc9fbe45837617bd72035ae2e7c84b3fb049de726c38 SSDeep: 12:kct09ErWal7qB8eDmJk1M7fKjg9q140vToLG:kct0ardlG+eDyk1eCkIv0LG |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK | 0.41 KB |
MD5:
94475675123c38ce9934303399dfefd7
SHA1: b8b7e075c5d84c75eab1297caa70f5d19eb8076e SHA256: 3d1d4aecb1c203d24866df4dd5f1d0956feafdd74aff4fb1fc1696b51ef34bc7 SSDeep: 12:ii2/FpsX2v9HVY+h5xtHgq26soDDl0deidYyW:ii2bsXElJh5Apw1IevN |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK | 2.44 KB |
MD5:
5ccc40f290651d1865a9d02955d6d0fd
SHA1: 045e8bbef6c11998f288f281c1352859419e32c4 SHA256: d84723f1a20239f4a3a68b3a304adb5f8b7017ad11b20011c5cab81fe60af3ef SSDeep: 48:+bNpq/4uFVjajrzBMMXSKg6bW4l0CvWfyHDasLwIDrofPm:+bcLjajnukSeWCxH2sLwxe |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK | 0.41 KB |
MD5:
5530a64c30830d98d35e9eafeceee7b6
SHA1: 9a3ccbda84a1e2f8076acf442becb60e26265c1e SHA256: 8db75ff8302ff2095282cf393303be331210dad618c6780a415f7adfbddee9b5 SSDeep: 12:DrKuhj9mbkrE1Zsyh911EN1QNRXWUvpkD:HUbKyh9/EN8Xbvp8 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK | 4.83 KB |
MD5:
0c878f7b49de064c61e106fa9c137194
SHA1: c65063ff0ae4a96250dd107240531e48b8af8434 SHA256: 153d9fa7dc952761d9017f2ebf77dfcf139f84ffabbf2bada54c39368f871b17 SSDeep: 96:lftq/a/iLj9Cr5pcRm7MyG+qQV6WrgyGcD+dJnWTzwrfviLdxdqpgWw7m5PYp8WI:lftGa/iNCgmM+p/rgyG8VPGCLLdmw7sL |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK | 16.28 KB |
MD5:
4d8c899811ea2400e64d76deaff4ddd3
SHA1: d0318ff2d2a639f5ab8ceeff71de9d969b12e4ba SHA256: 13a3db2c9780179665950d246f31cdae400851fef4ecd93b0aca965029a8549a SSDeep: 384:bp0myvWxnvePLdY+rRC+TbiHD8za9POaB3AUsyp/PFJRPtmRf:V0mkWlvtG93byPO9UsyNFJRoN |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK | 1.63 KB |
MD5:
fd3d26974a83fa734af50c7d40cc2718
SHA1: 28021111e6df20a673a3c960f0c766a21beb9027 SHA256: b160f7a2ac03d9d59320db9bafb71984ee0188b1e959cd0f4ef6a215aee0024f SSDeep: 24:hdyCy1etQ2eBehyuExuN6rehaLqZMc3TvSNVIF9CgiRcS1DHVUyakSipv/glq3:LDGeheBgEoN6DEv5f4RBDHVNaQ5glq3 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK | 0.41 KB |
MD5:
038736e5c6e549a00e1d347541035313
SHA1: cb8c6eeab07195c5d5d2b4dbe528f5c29b7e9cd3 SHA256: 7172c5d5d8b370b7927e28661a64d43640d5f31fba4a012b47ae43b397cb7e1f SSDeep: 6:eT9ouBd8EyZncoHHjRSu7R2JPPiQiP6eDQ3OAUNiROlBJDBxRSUeq9ZQLZC+mhn:eTZBdNy5c6rQg6eDQ3GNnJNnSzQ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK | 0.55 KB |
MD5:
458298eb43d8ba28c0ae9699aeca87ee
SHA1: ef7896f15ff4321bfa9ac5d58a53bc1cf4aa9b22 SHA256: a5a5906aefd51bc3bda0f034ffbb6a123c48071329207676d44bedd715b761d2 SSDeep: 12:7kPv+WfW8jiYiAUaaOvRLDm7HNdeF+sc/ll03Ygxn/fw9TKUvW:YzWwiYgalRLy7tdeQscdlp0Q9TKyW |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK | 1.11 KB |
MD5:
415c401c53beb61736eda7c6b6d2e589
SHA1: fb2fc93c3ea438cf45f431fd8d84f85aa6b5d1ec SHA256: b91e2f649b170bdc561f55d30c2e11f8eca6881504c6cf17b878b32606dbaeb1 SSDeep: 24:NMoDGfnWYH8xcCpbv413GH7b2KzR7KK9V3+7QKU0SlrTG0CLi:NVGuYH8xFpbv41Gv2gRxV3+7fXSJilu |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK | 4.28 KB |
MD5:
b94f28f6d32fc5eb0c17e728eb1227fa
SHA1: c095133b18c470e8556376f3ca085d4b18bdb427 SHA256: 0cad2ffbde50b5a9117bb7236123a94d64af6c4f6ed1e4eae4c3cd47871f9931 SSDeep: 96:MkE5By/Jtpjd9mAmfoMqP+Uhp26TejO5bGu7eR24aGiO07c7zQRQ5ldXeta:MqpRoVqWUhp26TejOVaQ4rVcczrNz |
|
|
| c:\programdata\microsoft\windows defender\scans\history\mput\mputhistory\18\107001 | 0.41 KB |
MD5:
29d12ddfb713468898425b99bf1d3f11
SHA1: ee6de7bf9a498003afca0219efee507b0628690b SHA256: b4dcbe73f727185a99bb5d6f7b665f4b00b0bf9b0f2e9be201a7100c604317d9 SSDeep: 6:LPcRYAxmFg9iJf2v6LeJkprSdtZpYbqyzvW2OS+o684HMPnU+z3BN2J3Kh2EXB5E:Tc+IzvhkBYZ2fzvW2Lx684sFY6hlBi |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK | 2.67 KB |
MD5:
b013a840466204c19bb128b3cb5bb252
SHA1: a1333d1353c90429087a8a6b64de821389d89d83 SHA256: e3471fdc4b6fd03269e7c3a5bbf42a7d55d6c0c7e82eb6bb28ecbec0b977e100 SSDeep: 48:LN4pwh/eOGXcUw7K3QGC5SLw9sgC46YmCtvqrP1sG2P+vexAs3WTwH2NK:Rcw1e+UwuQGCjZNtvCP+GHWFWc1 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK | 0.77 KB |
MD5:
130b78cb1a1a0c495e642ad0fb3bcbd5
SHA1: 930a901db07b0518f044211b8de447a016bef63a SHA256: 469b00ba1fb47543410ae7301ab6aea1c037f2a3d6cdfbe9d5d2b2cfbe926e3f SSDeep: 12:Xc3oy4k5a1dDeJ6jrRjMRbgT+SZmNCPQ5IrCkiLn665HeM/6Cxn:Xch4RDlxVVIN9fki7heUxn |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK | 0.41 KB |
MD5:
65bfcc399f84b89ecd04dad4f64297cd
SHA1: 92145c3b6743baed2b56c4bc28d894de2dbbbf7b SHA256: e6a3abcb7d0e8348d5ae6aadd3decd9c1146d9fef8f2f99fde519e1b4311f4a0 SSDeep: 12:46jYa1wQS1UE/fk6UUrF5fjgIej8hti//v7GkLWB:4uwSEU6xrLfjejMIXv7vO |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK | 2.56 KB |
MD5:
681badab6457c9d167a97f6239acc443
SHA1: 7ec5b7eeb0a68b5066e1d7fe0d5bad67b7c2deab SHA256: 6dc61a6e8af41938aabdd9173ff7e10a82b469accecc23a1510d0b7f3605ce63 SSDeep: 48:pKG97+wgofEYJtLQVGHEJ2JvrW7ZO3IfaoPgcqTA03hW7SHaEcC0qAgF:JhlgiEY/QskGW7Z0iaogWjEcC0rgF |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK | 0.46 KB |
MD5:
1b20a6b23cf36640858d1460c9c1871f
SHA1: b98b6996933f6d825054d8caa97ecc007b9f6258 SHA256: 6b6adf2ee4432dcb924c364b70defc61b392202cdbeb4c7f08436246c1434fe1 SSDeep: 6:WXaYvG+px8nkqwF6bvlnmVJXJ82gZyVDTVfZj3kQdRk6tH9zOYmjAaDBySge3jAL:KafexYk+mD5xD7Zj3ZXH9zOXAsySvC8u |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK | 0.41 KB |
MD5:
b3bd34768ee58a519330f77cbaa29c59
SHA1: 0a7c81969cbdcb4aed5d2862f70d13cf4534c6c4 SHA256: 9437531ee0799185eafe04155c3e96dceaab6f31860e918bd05442ba98dd2801 SSDeep: 12:psNoqw8vQ9kri1LIO3PWSH/xoRdE8gLJn:iNdw8qx1M4VORdEfLJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK | 1.41 KB |
MD5:
fc39a0b01d2ac1ce027b772d0099fad2
SHA1: ca2dec6f87e10bb7ac67875a4c131d121224dac2 SHA256: feed7808ea5f7129487a69e56041f36ba1c130943a7ebc656ffd8babdc1088fe SSDeep: 24:pjPEDH9R/yF0LfAuS/3conSdCf7rv5t/wSX1Ci4as9BEBeMajggWqthDLAZeQAUH:hPEhRnzA53SQfZt/wSX1m8gMaj1PthAx |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK | 0.44 KB |
MD5:
5c00961b9ec206e12bc354b01dfa5a2a
SHA1: dbe7965998592fc30f7433c1cccfbdeacde736dc SHA256: 79c75968757b514be281a6aba8dafbd0022b98b234166d0d7eeabd6ea92bc703 SSDeep: 12:xvpr7uHp26dMkYCcxkkYVpyNniHZLDblQyo2CKrwi:xvsHM6dMkY3kDVps6Z7lQn2lrwi |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK | 0.41 KB |
MD5:
1db822b509e0bbe49c5e57aae6c05399
SHA1: b47825419052d54d8b433ac8ef19caea0e59d407 SHA256: 1b1fc793f3cd2de498d5a479a9c37537b07a98357c7327915a71d4986321c8ff SSDeep: 6:BMf57XBA2vu8l3L3cmRYU7JuZhN21iu8GPTehQ1vKWecJ7x3oRQ6H3ao3kExF/dv:BMf57hvJLtYUo9sehmbx3N6HgkdUDi |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK | 0.41 KB |
MD5:
3ef479721175622e55953e0ea80e15cc
SHA1: 825de57d188ef85dcd55f1214ac290be73f0e701 SHA256: 92bf63531a80333e20912a5b186d4c43151e6dfb27066437efb57170e39f9d14 SSDeep: 12:a4TCdIlhczbPcU7avtyazAfNUF/yetz1bnDPsmdrnOnUTN1G:xgbPn+1Rbz5DPsmdrnFZM |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK | 0.41 KB |
MD5:
05305617a2e228f5c8b254e3f62e3c6b
SHA1: 6431cc4dbca7f373c339da50eaced82e03c0897c SHA256: 3e187699dc835b695a842e02501fb509647ac7c586880ba4fb6ac448cccb5b88 SSDeep: 12:SUJnWgzk4eJ/Up4pRY8JOAbL+BE9qH0ny8SXSn:SMWsIRY8Jjfb980y2 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK | 0.36 KB |
MD5:
e5f4cf3e79db54c833e5d1f44bdd64e9
SHA1: ea9910f9b5a3fbf113aed08268dbffcb836882bd SHA256: 37630ca38fd66850fbfcb3ae54d87ffd598136402fce946ab2e8a234ae13fbc2 SSDeep: 6:CRRxnAFyvFHwRK7YSPHvmd4cpAZfkIDlLH99cbXjxBPd+T6AaHpSCTxDOKI:Qxn9kK7HWRpAZcI5dW/j/FrI |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK | 0.64 KB |
MD5:
8d3e365a68a9dfdb44e09d78524f36f0
SHA1: f1b0362cf559ef383441a8d032300d1fc3a8681b SHA256: 6cce7cb4a80823bc98c49c27761a96ac09cb254752b061f61a4274d52b070c74 SSDeep: 12:ML1i8Z5jMXFyFmdo2kGvv7ggDs3Bm5B6z/bfnxQZBpykw:25jMXsFV2kYjJQoqznCB0kw |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK | 16.28 KB |
MD5:
08cd920090ae26a8a1ef6e221804ddb6
SHA1: 15d26cc4a8bb4cf62bb015904602498d554514c7 SHA256: 96d51f0e025902114afe0287911259973386b6bb07cd911a1a1ad8af5fcd9644 SSDeep: 384:7kB6XsUnOP7DXXdI0AYsWabhn5SKBQLnLxvHU:7kBR8ODTNIwun5SKBQhc |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK | 2.63 KB |
MD5:
f21706445fa097fb850c8feb6211e4f3
SHA1: 1f10de46b9a025bc1f2463d351647eb18d7b2933 SHA256: 91a72e360549216d7523754e47ab4a52859b9566d5f4fd4077a6d3af06602ac3 SSDeep: 48:REadGV8lSOQjuS2eolr5XrLt6fFGkQHCw6xiK+POyZ98ZJ3DUt7/Dj:qafo7juJLH7Lt6fAcxi5PV98/IJDj |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK | 1.38 KB |
MD5:
3da139dc1bf89589612bca83a5768faa
SHA1: 4fca3d6582ba1d3887df8d4a4fdcb59c07b2a74e SHA256: a1729cfaf9935ae9916522a730b2e8fe9890bf0901d4037939572e5ca9f66d6a SSDeep: 24:oFdYhQvvCJjh8HIeDoAHHQzjy0uXhyzjyCc3w/+erbUT9sZakjVf+fMdUd:oQhQHCnSIEHge8/rBbUTyoG+d |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK | 2.21 KB |
MD5:
9407fde948e785b159acefbdf9bafd0f
SHA1: 7c8827316422b448b27b9d72562314dda44a406b SHA256: 3e8a7d1ca8f1bda7717ba6d388811d2a2d504e2ef8e5b8cf1f218ee6e5f02c13 SSDeep: 48:0lsrAp7MhfBF0lpvrax25j7UJu7Fh+8JMVPMIvamCi:Oj7MhfT2JV/+nPM7mCi |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK | 2.67 KB |
MD5:
b9b931dc8944e691a7510afc9bd858bb
SHA1: b8d38a1b2ec8adf73a351354690437a34c8e2732 SHA256: c3f93dfaad54df5902ce4ae44b12fce33441bd52fa6476f8ee5e939362f30ecb SSDeep: 48:aS9JFvKfYFbZYc2TAjkyZ2NxcLtaroeNSu4BoHRt/sMkAKT:HovcskoYpazt4Cn0B |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK | 1.36 KB |
MD5:
3f244932296693630baace9f5d47cb23
SHA1: 13de4ed150a68e5fca401dad2dc19218ed2afdc5 SHA256: 39da025a90a13e13e7de0ffd8c42d530548bd6e13bfe7dc2cb98279f192aba92 SSDeep: 24:kEv0qr8nqXvLCc32Z1zvLvP0k65JH69bi3ZiytBOqRSJZEp:37InqXR3i1zvokkH6YPVp |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK | 0.72 KB |
MD5:
0a2f700037d9f8fff3c573b4b8e641fa
SHA1: 02d82743f73d21d219cb5f85c1148d9e6fbfce21 SHA256: 4c90df74def91154eeb70a2122c4a5aecc946cc999b4dc78546a62eecaf53118 SSDeep: 12:e5rDarKKlxDaS38vaSwgcSGTiBQ2W9Tku5l+C9XXF1POKYQJcYpvGPGWQWmwCDLn:eAeKlx2SsygGTi2k2wQzPmQJjEQt3DLn |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK | 16.28 KB |
MD5:
86158940cd7e8c0122122a8b6235cec3
SHA1: 270ad42d2484a1d534dd5bc7850ee7c7ba2a9e48 SHA256: 354dc8bba9c8a43f94a53046d4918186fcebc0d180a7bad6100df3c528fe2701 SSDeep: 384:uez7XBfUmZTqu1cewfdnwACTCsJWIy3FJD9I/ABntYzHdTZlCDN:RHXd7ptcNf9wRCUy3LDK/AFWnCh |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK | 0.41 KB |
MD5:
e4387a18f7a4e6bc3e6be3bd94b1c1e5
SHA1: 869de5a88a5b1462074b7342d2662a6451d2ccb0 SHA256: eb744f483b3f0bb688e3920b1743c1f68c9d1efe0af2dacc66c9f60c3feb3325 SSDeep: 12:gvUyax7edcyfpTDz3Dr8BFfxT+wQ+g8uc4:gMyax1yRr4f+Ouc4 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK | 16.28 KB |
MD5:
47a176790ae8314a49ac659f0a4d73c8
SHA1: ace62e3d6ff3be7c615a71b9f7df0be36bceb60e SHA256: f328506738183e312da5242cdd1fcae9590f579c5f3fc79e9d396bc8a7e22692 SSDeep: 384:tLxrKh8UvpTBbD+MVI6QGLpuGugujTC1z2SGNW:Qhtp4GoGuHS/d |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK | 0.41 KB |
MD5:
f2daebf1b1a8402c9fadb8650bcae201
SHA1: ec05a739f4f9bc9fe1ae328bbc929afadebe777c SHA256: 8ee8b5401974afb7756a42d766850cb15a3e51487712c333fdb027019be97c68 SSDeep: 6:UGBuv+RsvKw6LFPAqXhLSOVXI3Tw4wPPTbxzSvaXbO3O6Qw1eAO0yHSAjIyBTd4S:JhAr6R3hLfXI3TwBzrQ0w1e90VEOgV |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK | 1.50 KB |
MD5:
cd3966e781e4e76442632218f555b8e8
SHA1: 1d56693e799a4dfdc04429d3968db3e04b602524 SHA256: 14bf7d93d54578ece784b399bbcb171876b7af5d6fab24d76d6c7f6fe6979203 SSDeep: 24:8aV52CUTY3dOjvbNDs0mzNZ/+U7f5iNS55TKrugyKv99GAbqZSBrRf15B3/m:ZWqdm8zNF7xyuPJg99GNSBdX0 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK | 0.41 KB |
MD5:
ed17bb464e1545aade3cf96084b65514
SHA1: 4a24970913ae6dd25afa04b2129eb4432a38a888 SHA256: aedb4b79832c18859cde08b1d282212401d5047a9fa2823cc484340057b8894e SSDeep: 6:8kQyuaox1EOuyO0KgO5N5bVwmhG7CN4HNkVTS5eXGnUB7BH+8+eaCz4eT9tFR38:83a+iyI/r6tMSAXGnY7Bjlapepts |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK | 1.41 KB |
MD5:
a9b56eacabcb51710ecae7312085b558
SHA1: 56b83d7666f6976325e18d9068a19789fa520ac3 SHA256: 70d446f374f75589b2423b06dadc22ebbe68c91271a13723c25e910fbe276e64 SSDeep: 24:v5g0GZxW0vuPy+3I4hPXapCbWziNDTVpxm8dUe3L54jV42u62xU7n2Wx:v6Zx9ZKI2QsciNHVPfdZAVLUQnh |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK | 10.00 MB |
MD5:
67b48049beda10ad696e396fef39d950
SHA1: 466a715a1de5dacb24e443458f0ab5d385a7ea5c SHA256: 54b82ab40de4ee022d1a67eb445edd900bca0db3861886170d9006947496e008 SSDeep: 196608:gRB/okUOs3EAel2YxWCqoM4ffR/uRVr8E7ejFul:gRB7daTCqSIGS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK | 2.61 KB |
MD5:
606d9eae079666f684b6a831d0cd4587
SHA1: 4b7ce3719cc26643d92970422e4e17a66e2e6db3 SHA256: 62dddfbb666dfd9546657bf8117bd9a8463898725e38e457ceb7f2ca62c92555 SSDeep: 48:RUVPnCJskIsh+MIj1KK1oIdsapcTw1j//XLY1KO9lInY47eVJp47Yh1KbNGWW:RUVqSk9hyNoWcTu29lIYseVI7SKbMWW |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK | 0.41 KB |
MD5:
27375307c83c8ec8b5ffa438309f5e5f
SHA1: 5a8407ff336a66dfbccca4955f43f4d4e48719ea SHA256: 785de662f63456fc1871a1f565342896fb0dc7e1bb73cbf97258689c1aadae60 SSDeep: 12:8z3teXxrf3BPUCbkg8Gi4NRpmB03+yGtV2/oViU:8C3UCbfi67mKgthkU |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK | 4.28 KB |
MD5:
f6b31d51048fed7ba59160a38d5e07e6
SHA1: 7b12ae7962727df8dc36db1939cf4500637f4342 SHA256: bd8b9742622f1d455a8175361be62d5e651e894e989589da1c39a6dbf1bb411d SSDeep: 96:wJ+rbeG7NnrU2esTbEE08bpfBsfC4zdNcYC6LglZvTL:wJ+PemnrU2/dIRZNPLAZ3 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK | 0.41 KB |
MD5:
16629377b5a94cdd9b3d98f037602052
SHA1: a9295a2d8bbf3457b89b4a3212453c76e9a85bbe SHA256: c0c667575364bf1358461875701582b6ade8262273b7c26f1e949527df415bae SSDeep: 12:ZRt9j079DuS2C8T11cp5TqUZXVj0GFHpvB1sIXmtY6AK:vtm7AC8hy/TPoGHpvDIll |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK | 5.55 KB |
MD5:
dc9d598ac7d385a1fbe0745d28b10d61
SHA1: c26524eb0d47124b922d4be871be1bf009940559 SHA256: 2b9af43c29a46b9f18639d6eea67f19421f9ea7ba52b5fd66d1ae8b5afa2e8f3 SSDeep: 96:ZPnmsSCRAjO+QvtkX/93WX6i6tVaAA+9diVXjdpoDcIi0+PzAJTMAQZH1:ZPmsSCL+0tkX/TVDAssdi4IiZkqn1 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK | 2.67 KB |
MD5:
dadcab4f2d62aa7dee9c6233bc3f2d7d
SHA1: 56b52f6528f03d00c9edb5818d349bd83fefff45 SHA256: 9e80b0b02bf184f8bd6bddd7ec897b0f90e37c8c5e74f42be53fe59164d934e2 SSDeep: 48:0wt2NEgBpV7J1DHhP6Ps+lai3ofCXmDlylni5T9sa6J+hY9Kv+g4atH+T:0k2NpptJ1DBPAN3o1RB6J+hiKvRDH+T |
|
|
| c:\programdata\microsoft\windows\start menu\programs\accessories\desktop.ini | 1.72 KB |
MD5:
9d73e3e0fcb57986c4506c1608e9cddd
SHA1: 910e535fef6df19c696f84edbe77f790b604e1ab SHA256: a1c87a28e984d70f876a6317b5cfcd94710a8ead65f305718ff0e68334bfc0c4 SSDeep: 48:2IDmza/PABPpoP+IMpvG1g/JaxZGGHmyx9J4KAZzeGjI808nGn:2wX/Pf5evG1+afXH3xY7zeSRnGn |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK | 16.28 KB |
MD5:
15e51f38bb0b0f6f0ca4875de80557bf
SHA1: bd722b2bacf6e097889247e3d6fb478706aa4821 SHA256: b8df085680a67c24fe3064d71e51006c3bd496ebc60f74bfc20b9822bae75dd4 SSDeep: 384:dXevRGlbjc5Ft1qm1kIw/3EX4BQ5oO0n4XTfeENPuajfK3t9w8gr2U5uE/wj:iRGlbI5Ftcm12/AcQ5RNPuqK3t9lvQud |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK | 0.71 KB |
MD5:
ba64bdfddad8bf4721be2dc57fb77de0
SHA1: 1632cb63d65b095f74c1670484a7c026200f174e SHA256: 4bf14efd5818d594c0f88a4ee9da20a8a54b471a6a9fcb3f45632a6ba1330d53 SSDeep: 12:gTJTVMeaPQzbgv9Q6020kIsj6rqmn/YVst9QXF5SdMQSzfIIvfWndrO2:gVTVWPoa30P66rqxVPXF2SvfAJf |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK | 0.41 KB |
MD5:
3b7279680dd7a38b4bfcca2d70e7a812
SHA1: d82b3d5f831add1a7d203be79e46c3936df2bf7e SHA256: c837b1e0372246de6629150b345661b6d06fe8a65f73bc962c55e7e541dc98fd SSDeep: 12:uBCvzAVfoeyHLtyfwVNQPqTLFuZ5HiRgGMv:FvzAanZx0PyiYZY |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK | 8.28 KB |
MD5:
bc043d2fccc190d2d5c40efb060ee89d
SHA1: e81b38709f1b60e2e6f7a994afb90b2ccb94abac SHA256: da16e527e3633b6d6002454d115d6fa4d987d156a873b97c1b6d2f890825a3f9 SSDeep: 192:dwAiKg5tZoTN4fnExA2Ll12/o1vs2SZhiv:dE5DoG8532/WvsbZhM |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK | 1.35 KB |
MD5:
e2d8cf8a721eda3bbdc113e83015b6ae
SHA1: e8150d86de41d794e49366d8aa8eb897e37cbaa4 SHA256: 0282e9d247eaf1021f9324e1cfb84c4ebe24ae238395556bb87b5faff136ae42 SSDeep: 24:ZHKGIfEg8pAwq7RuZdfOt7ZT62nWHdgcM1FYqJgJ54lJ40vKRrQ:lKGIf/6q7RuZdfOt7ZWHdM16qJoUJ40F |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK | 0.41 KB |
MD5:
d1829709b2a4ca0746b5d8a5605360b0
SHA1: e54ef11845a1c45d8eea455070e275d37b241a90 SHA256: f53b785d1f9fbabd842eda7614949db17b478235ce4bb3f077b774b7e99a4f8e SSDeep: 6:9a5/GEjpDYMGz1YBsV6UaZCD1LK0VE93DEeeybyA+grIvB81gc/rMZb66CyBiB7N:45uwDYpJPaMRO0VE9z1V0gFKD2FxwW |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK | 1.27 KB |
MD5:
2537892918d7199c5da36c1080ba8156
SHA1: 595c192d66e4bd333fee720c1301bd4dff1baed0 SHA256: b25cd65acde02d8cfbb3c57d69fe7da963d5807138b6fbf808580d31daf4d8bc SSDeep: 24:F8DrxCyEX3f1DKj16VP4umufSMhgicfcqdlJiK+ojqcI8pQzx:mDrxpEXahqRhbMcqdlMKbj28pcx |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK | 2.64 KB |
MD5:
941435c209d1b2ce23836922fbf47ef5
SHA1: b9f9dd8f20bc6febeff1f0c89216ee61aadc24ef SHA256: 884cf1584b538e350a5ad025ec584bc77cecc569a65b31a37bf0178391e60504 SSDeep: 48:RWDHoQEXbJIeWaqAjV/RSh0RceJbbDrX67dWyuAzhWyPfVj2vmW++9YRtzq17a4L:aHojXkojV/RFJP6zuAEy3Vj2vmW14zqT |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK | 0.44 KB |
MD5:
901ce2745769f7d463250004ada87611
SHA1: 61567b2d05b770be674fbba0a1e51d9190b09387 SHA256: 21888eafef2ee35dc4f7a4006c7d2ea42d5dd84e7a210b0e9017455a4eb2b24c SSDeep: 6:mw/WlGntjCDnZz1VSaZJ/irSlL9pR4SDYujyWSZjqbz26n+fGdQab+eB7Yk+Vjpf:mECdz1oKkELlDFjyVZ5GtJV8BFPiiB |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK | 0.41 KB |
MD5:
a408a70a5d84c5d1775cf8ece49659cd
SHA1: 761936a12d8240187cb06a5c7a596e978ad897d4 SHA256: 15ecaf804ae42095f5479def1db9f9c93d48729b8fea7b8a57faf3898827f842 SSDeep: 6:iGJ9d+Dy7SAHRhJBeMUKLCyC3cSLB5sur6bDvrOEit85Gh0Ds+dXL6tD7EPIIeAA:L9dcyXJ7L+cS1yTbnXimchqWvDAohr |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK | 14.89 KB |
MD5:
4166a57d648b1ae6d93819ec7fcee4b3
SHA1: 20ac87c46d47750973eed98138cdc10a0e20b9d8 SHA256: 29d9f584cd15b229543fd2b520fdcee4aa5a4f019f69404f5a102e1bbb50f381 SSDeep: 384:BSDeLMjt3p3lpZsIwjm+msafWMCe9H/TgeQG:BSyIZLpuIya+MTRTUG |
|
|
| c:\programdata\microsoft\windows defender\scans\history\mput\mputhistory\18\195 | 0.41 KB |
MD5:
d29212e8035f242ccf3916c775726a0a
SHA1: 0fcf37b0925518d6296ae4f366ddefc405e9c37a SHA256: 33a21897d7b080fd363c74644483ef989ab1760fbe0d02984ccd6b553ab3b76f SSDeep: 12:YAgQr3WDS5RUW40kmvKNfyrJp5k7RbeH7D9suw:dgQLWDsRE0HvJpuRg7Jsuw |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK | 2.67 KB |
MD5:
b7be268e438942f1279a58ad96ca07a9
SHA1: 438b5da31a715de40197606bb1f50609e98eb439 SHA256: 9a1126a79526c97299abd89ad22a17c5bf3d6fca541f8da1bb075b0d8ee7c412 SSDeep: 48:jGrvctbfhF4rOsyeKmLUU/KfJlY8Jd5vsY2a9hV/UAAgnoEaP:jgv8bZFzeKmLUU/Kfk8Jd5vskT8AAhEY |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK | 0.64 KB |
MD5:
6e7ba2db7c4808a0a3b1ad8c91efa697
SHA1: 3f9d82a54cb8e4b7fdbd2de5d97073f68b28abd9 SHA256: aae9463e92bded0f9cbb98f8793215459f8a9dd9b2484563348157d36fc664c9 SSDeep: 12:EoCLD553ZI/QZH1cLRxT+FzgXaadXLGWTrcmUZhK1MkwBeFvMZTP2/o3YPn+gqdd:EoCDjpIIZePwcD5Ic1M3wQ1DPn6W |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK | 16.28 KB |
MD5:
074708ca4ffeac99b6d215fc149c2e8f
SHA1: dfa6daaa8286e24f8b99cf8842b7862e4ad00c67 SHA256: 1230a5659c9f3dc00daef3d86806526dbeef1c5a31cacfdd914fcc13eda29019 SSDeep: 384:LLqsUZ6Y3/hZvu62rIxCN+DlthSeCq31g0ikJr4ron:asLcPv928xkqltopOg10V |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK | 16.28 KB |
MD5:
6d0a9983a7cdf21f9dd78e820c5b3399
SHA1: 888d466efed748d160b61647ad126781d3130ab4 SHA256: 99fee1f76ee55272a24605715428a6e3b78ac5a969e695c484d104387f0128be SSDeep: 384:QRPAZVycdrj+d/Vps5QfqRaeFyump//2S+ouLgnwKobwzkhFb+:QR4ZVvrj+KWC89rN1obOO+ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK | 2.67 KB |
MD5:
fb16b0d4acc55850b0b577f266e77bdb
SHA1: a26e769058b0eff1274f3455832ddeb3d21dc605 SHA256: 200a55dabd137bbbc64d3b4b070b547fad2ae0dcbf53548ffd60391cbbb8935a SSDeep: 48:t7LyzxrxMxodnI5uAhryU53VugN4PKfRsLY4DFXzW3tdN4OnsPhXS7cUbPMQ1zGt:tXmxrTnI5uAhryU5sgNq4aE4DFwXiOn8 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK | 16.28 KB |
MD5:
4efc3f631fa0dd5b733e55c72b61682e
SHA1: f5c9e94c477f3b73f797b57c3ecd5ff91c5dc6a1 SHA256: 7fd7d67b9956145ad4ab5c8a194271bc1e9fd30ad4d9a80f3fc1f8fc7916259e SSDeep: 384:iBV5lO00Z1nxNs4vS7MQk/ROAv0R6HBQVJE+m3SttYgyj:QVrOflxNMfkZOAv0R6aTm3S0P |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK | 2.83 KB |
MD5:
d95dbdc7b04017dac69277df7bcb6934
SHA1: 0063c40724000b62c0b42b8996f65cc53706366f SHA256: ae40988eec27609522db4088af525cdae1a210ac33911c73a82e1af9b83c4d5d SSDeep: 48:vCQZveDNsmHbULbKZEJSkVCSxPRxLdz/jYPJbgaAw8g8nQVmmuaEQlVmS+dwF7m:vpRWmmQLiEJrVCSNrdzbYxb1A0cMm7aS |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK | 2.69 KB |
MD5:
fba191943805071e529d043c5c9598ac
SHA1: cec304f4e94b4c1821d2aa5408b191ed8bdb55d3 SHA256: 1dae1e5f9ac0da32b2999d7e273056c3cb2877485904b27c224dc480b8320b94 SSDeep: 48:qVA+yvxqI1bbFJOMQdLuJEUqXLgHY8lA3i7ZUVBQpPdTLTrfYGDX7a9O:VxqI1bJYM2y4gHYsZUV2pVf/Y+UO |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK | 2.30 KB |
MD5:
ce96b3a4304ca2f0f3e7ca2fb06f7d7f
SHA1: 6f25ebd533de94dc550850ed2a7d1c8b73123a36 SHA256: 1c97619b06a54681c47c6ce1940f592d1cd97fda12cf6700a650b23b4af8bb8c SSDeep: 48:X8KaI1dboEpeZXOk7Ef6CTS0HlGj6e6u3nNXOARVCzYSz1zSP2h6FnD:I2q8eZXOk46CGAGjn64nsQUUSpzAhN |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK | 2.63 KB |
MD5:
2f467b4825348af8c098b49ae54fac18
SHA1: 5209fae69711fb4d28ba013feea0bc19ddbf36b5 SHA256: c7cba9d2b589203763fd354736c9b95abc6b9d5ea5d30d05ef7d0d710bf17bc5 SSDeep: 48:XVuGOhfjw+/I+qDVnxqVV5cjM9IrlfRg1o7dVsiWzcjSV8O265SfmZ17I4C3bUfp:XVWfjw+J+BkV5clrlaM3JOOO265SfmZr |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK | 16.28 KB |
MD5:
3f3e437904352274ee04e77806b073d1
SHA1: 478e9718fdfe416e122f4cac6ca800ed4f74ac23 SHA256: 18987e544c4f22c4364236bc961245864cba310b4cbdb49781d1f7f4ab84e8af SSDeep: 384:5ww4ZjkNq/bNrYYxGGgwgfE5UzurfsT2WV:5wwUjxtxOAUpHV |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK | 16.28 KB |
MD5:
b651be5e48f96a5b537116e7d102655f
SHA1: 4b6225a32cd2449317094501f6fba0c0c3484591 SHA256: 0b620bf3989e4b9579d1fa33e443b945abbcde73c55c6107ec27676c9a5af0c5 SSDeep: 384:jgZwUJsJ2jf2QhRzWC+x41RmvQujiGXMGG5aeTgX2Ne+kNlUj/hjn:jtUJ3jhRzWC+x41E1jjXzuaig8e+YUjd |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK | 0.72 KB |
MD5:
0c9911ab0d61cf15d56481bcbd1a3307
SHA1: 6535a9fa8ae53be7ef71745f44a2833e4387cf68 SHA256: f3a1eba5221cf634ae216246c1a23e898064cea32eed25397062273c4f308dbb SSDeep: 12:xVhgDQgjiDDyc0tNksm0rdxIduDYKCoV1w4xzkO2uJGcud9my2LqyN8ykPIubWHF:XhgHiDDyesHvrYKpw4xyrTmy2LqyN8yJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK | 2.36 KB |
MD5:
b5c56285c8098b635a5fe0ae1e624a8a
SHA1: f6d6b5c46482b27254f345af10e3125a9fd94e11 SHA256: d8e97b14831ab30f0d0a8462d65fc0f1c9584ffc22242b6e4606d4ace2ac1a08 SSDeep: 48:snVspFnMOCkXLn+BPjBSdx/mk74FaOZLW2ATCBc9IvylR4mmhKR1iUrTYffo:aVUFMqyjkt12AOB6Iv+ghAo0Yfg |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK | 2.64 KB |
MD5:
f6bdd77e459b382cbaee3c6d66326748
SHA1: c91915111ad17e78d239373178ae83153294de3f SHA256: 48fdb0fce2d2d0d2c8ee8354daecf442d2f89ab54a7512e048b0302e3ac8efe8 SSDeep: 48:kcxJX+BDREyjOOCec0DTLCfeJGlD8abwHMH8f8Vdulgk1mRV5zc+wPduiAAVc:kgXw9djOOCevDTIeJGlDN2MHwsKUzYdQ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK | 0.36 KB |
MD5:
d05f09df17049de669fd783e03219443
SHA1: 60a991dce4ee9fff81e0fe7900b4f2e2436b9dcf SHA256: c66deab773875f5deba7146a58d00912f458a3f59003f8fab978d5a4d2395d24 SSDeep: 6:56/+8HAFQq+L0Voifmz2t+cWz9IoPLnYeb2Vjseud1czDQ1eihlsFkgEBD/Lovgj:e+OAFQq+Lefc2xWz9REeb2VL+WMDh+Fe |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK | 0.44 KB |
MD5:
a0bbb0c1fc1c8cd7f5055792759560d9
SHA1: 8fee8af6a2e34f05ae569f51bd57ac266b3a8236 SHA256: 2df00c445644c90dbb5eb39058e9bd1310648181d632fc237a6cb4ec0c18aa25 SSDeep: 12:sqYEPvZzMeHTlzN6L7f1SwV02coc/fYZfb:sqVZzLHTqdF+Qb |
|
|
Threads
Thread 0x6b4
24448
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x7ffc55040000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = InitializeCriticalSectionEx, address_out = 0x7ffc55093900 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x7ffc55040000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsAlloc, address_out = 0x7ffc550a4580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsSetValue, address_out = 0x7ffc55092900 |
|
1 | |
| Module | Load | module_name = advapi32, base_address = 0x7ffc57aa0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = EventRegister, address_out = 0x7ffc57b88ff0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = EventSetInformation, address_out = 0x7ffc57b5e180 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x7ffc55040000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = InitializeCriticalSectionEx, address_out = 0x7ffc55093900 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x7ffc55040000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsAlloc, address_out = 0x7ffc550a4580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsGetValue, address_out = 0x7ffc55088e40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsSetValue, address_out = 0x7ffc55092900 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Load | module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x7ffc55040000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = LCMapStringEx, address_out = 0x7ffc5505a930 |
|
1 | |
| Module | Get Filename | process_name = c:\users\public\mksmd.exe, file_name_orig = C:\users\Public\MKSMD.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\users\public\mksmd.exe, file_name_orig = C:\users\Public\MKSMD.exe, size = 260 |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| File | Delete | filename = C:\Users\CIiHmnxMn6Ps\Desktop\symnfa.exe |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| User | Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Filename | process_name = c:\users\public\mksmd.exe, file_name_orig = C:\users\Public\MKSMD.exe, size = 100 |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\system32\sihost.exe, address = 0x7ff6d3e70000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| Memory | Write | process_name = c:\windows\system32\sihost.exe, address = 0x7ff6d3e70000, size = 3760128 |
|
1 | |
| Thread | Create | process_name = c:\windows\system32\sihost.exe, proc_address = 0x7ff6d3e72870, proc_parameter = 140698093813760, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\system32\taskhostw.exe, address = 0x7ff6d3e70000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| Memory | Write | process_name = c:\windows\system32\taskhostw.exe, address = 0x7ff6d3e70000, size = 3760128 |
|
1 | |
| Thread | Create | process_name = c:\windows\system32\taskhostw.exe, proc_address = 0x7ff6d3e72870, proc_parameter = 140698093813760, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ff6d3e70000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| Memory | Write | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ff6d3e70000, size = 3760128 |
|
1 | |
| Thread | Create | process_name = c:\windows\system32\runtimebroker.exe, proc_address = 0x7ff6d3e72870, proc_parameter = 140698093813760, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe, address = 0x7ff6d3e70000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| Memory | Write | process_name = c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe, address = 0x7ff6d3e70000, size = 3760128 |
|
1 | |
| Thread | Create | process_name = c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe, proc_address = 0x7ff6d3e72870, proc_parameter = 140698093813760, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe, address = 0x7ff6d3e70000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| Memory | Write | process_name = c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe, address = 0x7ff6d3e70000, size = 3760128 |
|
1 | |
| Thread | Create | process_name = c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe, proc_address = 0x7ff6d3e72870, proc_parameter = 140698093813760, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files (x86)\windows multimedia platform\commands-xerox-relationship.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files (x86)\internet explorer\entities.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files (x86)\adobe\explaining.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\windows photo viewer\ham.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\windows portable devices\hatsvegetablecontrollers.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files (x86)\windowspowershell\protein-senators-ev.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files (x86)\windowspowershell\character-collecting-vb.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\internet explorer\business-acrobat.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\common files\cowboy.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\uninstall information\ncstatementsinventory.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\windows sidebar\castlethatssystems.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\windows journal\use-sweden-decorative.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files (x86)\mozilla firefox\se-viii-pipes.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files (x86)\common files\watershed_morocco.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\windows journal\larry managers.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\windows portable devices\helpful.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\microsoft office\coast-domains.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files (x86)\windows mail\andy-aerial-spain.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\windows media player\security females ward.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files (x86)\windowspowershell\rw_monica.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\program files\microsoft office\root\office16\msoia.exe, address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Process | Open | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Module | Get Handle | module_name = c:\users\public\mksmd.exe, base_address = 0x7ff6d3e70000 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\system32\svchost.exe, address = 0x7ff6d3e70000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3760128 |
|
1 | |
| Memory | Write | process_name = c:\windows\system32\svchost.exe, address = 0x7ff6d3e70000, size = 3760128 |
|
1 | |
| Thread | Create | process_name = c:\windows\system32\svchost.exe, proc_address = 0x7ff6d3e72870, proc_parameter = 140698093813760, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x7ffc55800000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address_out = 0x7ffc55822080 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x7ffc53810000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x7ffc57aa0000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7ffc57750000 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x7ffc559d0000 |
|
1 | |
| Module | Load | module_name = Iphlpapi.dll, base_address = 0x7ffc51c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address_out = 0x7ffc55816060 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualFree, address_out = 0x7ffc5581bc10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptExportKey, address_out = 0x7ffc57ab7b50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DeleteFileW, address_out = 0x7ffc558257a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetDriveTypeW, address_out = 0x7ffc558258f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineW, address_out = 0x7ffc55820150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStartupInfoW, address_out = 0x7ffc5581ed80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindNextFileW, address_out = 0x7ffc55825880 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address_out = 0x7ffc5581baf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7ffc57acec40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ExitProcess, address_out = 0x7ffc5581ef50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x7ffc558436a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessA, address_out = 0x7ffc5581d5b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\iphlpapi.dll, function = GetIpNetTable, address_out = 0x7ffc51c6f0b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetVersionExW, address_out = 0x7ffc5581aa30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x7ffc55843690 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemDefaultLangID, address_out = 0x7ffc55822ba0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameW, address_out = 0x7ffc57abda40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ReadFile, address_out = 0x7ffc55825a90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7ffc57ab7dd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address_out = 0x7ffc55825510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExW, address_out = 0x7ffc57ab7850 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7ffc57ab72e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileA, address_out = 0x7ffc5583e430 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesW, address_out = 0x7ffc55825b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WinExec, address_out = 0x7ffc55841e60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDeriveKey, address_out = 0x7ffc57ad07a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptGenKey, address_out = 0x7ffc57abcab0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address_out = 0x7ffc55818f00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcess, address_out = 0x7ffc55816580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteW, address_out = 0x7ffc55b1abc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSize, address_out = 0x7ffc55825950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GlobalAlloc, address_out = 0x7ffc5581b810 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindClose, address_out = 0x7ffc558257c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x7ffc558256e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameA, address_out = 0x7ffc55820c70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteA, address_out = 0x7ffc55bd7de0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleA, address_out = 0x7ffc5581e6d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameW, address_out = 0x7ffc5581eca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileA, address_out = 0x7ffc55825760 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSizeEx, address_out = 0x7ffc55825960 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteFile, address_out = 0x7ffc55825b80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalDrives, address_out = 0x7ffc558166d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetEnumResourceW, address_out = 0x7ffc538127d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7ffc57ab6cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetCloseEnum, address_out = 0x7ffc53812e20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetWindowsDirectoryW, address_out = 0x7ffc55822940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesA, address_out = 0x7ffc55825af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExA, address_out = 0x7ffc57ab7d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointer, address_out = 0x7ffc55825b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount, address_out = 0x7ffc558160a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesW, address_out = 0x7ffc55825930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindFirstFileW, address_out = 0x7ffc55825840 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7ffc57ab89e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = MoveFileExW, address_out = 0x7ffc55823010 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetOpenEnumW, address_out = 0x7ffc53812f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitialize, address_out = 0x7ffc57763870 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDecrypt, address_out = 0x7ffc57ab9140 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptImportKey, address_out = 0x7ffc57ab7b40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointerEx, address_out = 0x7ffc55825b30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileW, address_out = 0x7ffc55825d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address_out = 0x7ffc5581eb90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessW, address_out = 0x7ffc5581dee0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateDirectoryW, address_out = 0x7ffc55825740 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x7ffc5581bc20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDestroyKey, address_out = 0x7ffc57ab86b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address_out = 0x7ffc57257000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileW, address_out = 0x7ffc55825770 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesA, address_out = 0x7ffc55825900 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptEncrypt, address_out = 0x7ffc57abd7e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegDeleteValueW, address_out = 0x7ffc57ab90b0 |
|
1 | |
| User | Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
2 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| File | Create | filename = C:\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\BCD.LOG1, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\bg-BG\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\bg-BG\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\cs-CZ\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\cs-CZ\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\da-DK\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\da-DK\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\de-DE\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\de-DE\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\el-GR\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\el-GR\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\en-GB\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\en-GB\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\en-US\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\en-US\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\es-ES\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\es-ES\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\es-MX\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\es-MX\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\et-EE\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\et-EE\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\fi-FI\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\fi-FI\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\Fonts\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\Fonts\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\fr-CA\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\fr-CA\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\fr-FR\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\fr-FR\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\hr-HR\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\hr-HR\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\hu-HU\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\hu-HU\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\it-IT\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\it-IT\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\ja-JP\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\ja-JP\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\ko-KR\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\ko-KR\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\lt-LT\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\lt-LT\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\lv-LV\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\lv-LV\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\nb-NO\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\nb-NO\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\nl-NL\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\nl-NL\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\pl-PL\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\pl-PL\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\pt-BR\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\pt-BR\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\pt-PT\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\pt-PT\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\qps-ploc\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\qps-ploc\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\Resources\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\Resources\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\Resources\en-US\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\Resources\en-US\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\Resources\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\ro-RO\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\ro-RO\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\ru-RU\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\ru-RU\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\sk-SK\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\sk-SK\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\sl-SI\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\sl-SI\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\sr-Latn-CS\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\sr-Latn-CS\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\sr-Latn-RS\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\sr-Latn-RS\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\sv-SE\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\sv-SE\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\tr-TR\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\tr-TR\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\uk-UA\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\uk-UA\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\zh-CN\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\zh-CN\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\zh-HK\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\zh-HK\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Boot\zh-TW\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Boot\zh-TW\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Boot\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Config.Msi\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Config.Msi\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\S\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.009.20058\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DataMart\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DeviceSync\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\Server\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MapData\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WDF\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WinMSIPC\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WwanSvc\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\javapath\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\javapath_target_5923062\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\SoftwareDistribution\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Integration\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\UserData\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\MachineKeys\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\Keys\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\Keys\RyukReadMe.txt, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = System Paging File, size = 1299 |
|
1 | |
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\WindowsAIK\RyukReadMe.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
|
For performance reasons, the remaining 23399 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Thread 0xc24
118
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 |
Thread 0xf08
96
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Create | process_name = net, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 150 milliseconds (0.150 seconds) |
|
1 | |
| System | Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
1 |
Thread 0xeec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\BCD, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\BCD, destination_filename = C:\Boot\BCD.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\BCD.LOG, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\BCD.LOG, destination_filename = C:\Boot\BCD.LOG.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\BCD.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Boot\BCD.LOG1, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Boot\BCD.LOG1, destination_filename = C:\Boot\BCD.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\BCD.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Boot\BCD.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Boot\BCD.LOG2, destination_filename = C:\Boot\BCD.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe28
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\BOOTSTAT.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Boot\BOOTSTAT.DAT, type = size, size_out = 65536 |
|
2 | |
| File | Read | filename = C:\Boot\BOOTSTAT.DAT, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Boot\BOOTSTAT.DAT, size = 65536, size_out = 65536 |
|
1 | |
| File | Write | filename = C:\Boot\BOOTSTAT.DAT, size = 65552 |
|
1 | |
| File | Write | filename = C:\Boot\BOOTSTAT.DAT, size = 6 |
|
1 | |
| File | Write | filename = C:\Boot\BOOTSTAT.DAT, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Boot\BOOTSTAT.DAT, destination_filename = C:\Boot\BOOTSTAT.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\chs_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\chs_boot.ttf, destination_filename = C:\Boot\Fonts\chs_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\cht_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\cht_boot.ttf, destination_filename = C:\Boot\Fonts\cht_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\jpn_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\jpn_boot.ttf, destination_filename = C:\Boot\Fonts\jpn_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x628
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\kor_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\kor_boot.ttf, destination_filename = C:\Boot\Fonts\kor_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xef4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\malgunn_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\malgunn_boot.ttf, destination_filename = C:\Boot\Fonts\malgunn_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x114
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\malgun_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\malgun_boot.ttf, destination_filename = C:\Boot\Fonts\malgun_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\meiryon_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\meiryon_boot.ttf, destination_filename = C:\Boot\Fonts\meiryon_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\meiryo_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\meiryo_boot.ttf, destination_filename = C:\Boot\Fonts\meiryo_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\msjhn_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\msjhn_boot.ttf, destination_filename = C:\Boot\Fonts\msjhn_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\msjh_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\msjh_boot.ttf, destination_filename = C:\Boot\Fonts\msjh_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xffc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\msyhn_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\msyhn_boot.ttf, destination_filename = C:\Boot\Fonts\msyhn_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\msyh_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\msyh_boot.ttf, destination_filename = C:\Boot\Fonts\msyh_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\segmono_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\segmono_boot.ttf, destination_filename = C:\Boot\Fonts\segmono_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\segoen_slboot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\segoen_slboot.ttf, destination_filename = C:\Boot\Fonts\segoen_slboot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\segoe_slboot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\segoe_slboot.ttf, destination_filename = C:\Boot\Fonts\segoe_slboot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Boot\Fonts\wgl4_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\wgl4_boot.ttf, destination_filename = C:\Boot\Fonts\wgl4_boot.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfcc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\bootmgr, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\bootmgr, destination_filename = C:\bootmgr.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\BOOTNXT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\BOOTNXT, type = size, size_out = 1 |
|
2 | |
| File | Move | source_filename = C:\BOOTNXT, destination_filename = C:\BOOTNXT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfd0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\BOOTSECT.BAK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\BOOTSECT.BAK, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\BOOTSECT.BAK, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\BOOTSECT.BAK, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\BOOTSECT.BAK, size = 8208 |
|
1 | |
| File | Write | filename = C:\BOOTSECT.BAK, size = 6 |
|
1 | |
| File | Write | filename = C:\BOOTSECT.BAK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\BOOTSECT.BAK, destination_filename = C:\BOOTSECT.BAK.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfd4
30
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, type = size, size_out = 23506944 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfe8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xda8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xda4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xda0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x224
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, type = size, size_out = 23507238 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x304
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x318
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x34c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x338
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, type = size, size_out = 174 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, size = 174, size_out = 174 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, size = 176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x274
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x98c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfa8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x578
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x580
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x46c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x950
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xae0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xba4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x8e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x84c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x8d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, size = 2130, size_out = 2130 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, size = 2144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x958
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xba8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, type = size, size_out = 278 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, size = 278, size_out = 278 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, size = 288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb70
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, type = size, size_out = 380 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, size = 380, size_out = 380 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, size = 384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xbac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, type = size, size_out = 380 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, size = 380, size_out = 380 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, size = 384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini, type = size, size_out = 380 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini, size = 380, size_out = 380 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini, size = 384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x8ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x200
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x454
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x418
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x718
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x510
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3dc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, type = size, size_out = 14972 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, size = 14972, size_out = 14972 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, size = 14976 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf84
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, type = size, size_out = 14972 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, size = 14972, size_out = 14972 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, size = 14976 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x888
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xac8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcbc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x88c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xed8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xec8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x290
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x470
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xecc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xed0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xee4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x404
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x530
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xef0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xef8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, type = size, size_out = 174 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, size = 174, size_out = 174 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, size = 176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x234
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, type = size, size_out = 2420 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 2420, size_out = 2420 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 2432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x798
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk, type = size, size_out = 2420 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.txt, size = 2420, size_out = 2420 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.txt, size = 2432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x81c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x550
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x554
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf3c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\WindowsAIK\RyukReadMe.txt, type = size, size_out = 1010 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\WindowsAIK\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\WindowsAIK\RyukReadMe.txt, size = 1010, size_out = 1010 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\WindowsAIK\RyukReadMe.txt, size = 1024 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\WindowsAIK\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\WindowsAIK\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2e8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk, type = size, size_out = 853 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk, size = 853, size_out = 853 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk, size = 864 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf38
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, type = size, size_out = 2197 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, size = 2197, size_out = 2197 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, size = 2208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x378
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, type = size, size_out = 2419 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, size = 2419, size_out = 2419 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, size = 2432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd44
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk, type = size, size_out = 2419 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk, size = 2419, size_out = 2419 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk, size = 2432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x85c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc4c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\RyukReadMe.txt, type = size, size_out = 2219 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\RyukReadMe.txt, size = 2219, size_out = 2219 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\RyukReadMe.txt, size = 2224 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x900
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, type = size, size_out = 2399 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, size = 2399, size_out = 2399 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, size = 2400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe8c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, type = size, size_out = 2413 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, size = 2413, size_out = 2413 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, size = 2416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdfc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, type = size, size_out = 2413 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, size = 2413, size_out = 2413 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, size = 2416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xde4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, type = size, size_out = 2456 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, size = 2456, size_out = 2456 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, size = 2464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xde0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, type = size, size_out = 2199 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, size = 2199, size_out = 2199 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, size = 2208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdf8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, type = size, size_out = 2467 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, size = 2467, size_out = 2467 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, size = 2480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe04
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk, type = size, size_out = 2174 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk, size = 2174, size_out = 2174 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk, size = 2176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xde8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, type = size, size_out = 2407 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 2407, size_out = 2407 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 2416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe18
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, type = size, size_out = 1588 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 1588, size_out = 1588 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 1600 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdf0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xca8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc48
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, type = size, size_out = 2449 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, size = 2449, size_out = 2449 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, size = 2464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd4c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk, type = size, size_out = 2158 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk, size = 2158, size_out = 2158 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk, size = 2160 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd54
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, type = size, size_out = 2457 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 2457, size_out = 2457 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 2464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd64
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk, type = size, size_out = 2457 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk, size = 2457, size_out = 2457 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk, size = 2464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xca4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x51c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x204
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x8a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xaec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x270
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x90c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xeac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl, type = size, size_out = 4096 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl, size = 4096, size_out = 4096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl, size = 4112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xea8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xeb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xeb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xe88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xe9c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xdd0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, type = size, size_out = 1974 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, size = 1974, size_out = 1974 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, size = 1984 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xea4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, type = size, size_out = 1972 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 1972, size_out = 1972 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 1984 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xddc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml, type = size, size_out = 1382 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 1382, size_out = 1382 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 1392 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x63c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x820
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x770
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x76c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xbf8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x968
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x75c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x784
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x340
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x434
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xff4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x82c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x764
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x93c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x940
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa2c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, type = size, size_out = 802872 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, size = 802872, size_out = 802872 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, size = 802880 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xab0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, type = size, size_out = 5400 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, size = 5400, size_out = 5400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, size = 5408 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x938
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, type = size, size_out = 2407 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, size = 2407, size_out = 2407 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, size = 2416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, type = size, size_out = 415 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, size = 415, size_out = 415 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, size = 416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x934
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, type = size, size_out = 433 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, size = 433, size_out = 433 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, size = 448 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdb4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, type = size, size_out = 501 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, size = 501, size_out = 501 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, size = 512 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf2c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, type = size, size_out = 802872 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, size = 802872, size_out = 802872 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, size = 802880 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc60
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, type = size, size_out = 5400 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, size = 5400, size_out = 5400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, size = 5408 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x320
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xec0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfa4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xebc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xec4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x87c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfa0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x910
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfc4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf9c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, type = size, size_out = 112 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, size = 112, size_out = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, size = 128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd24
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png, type = size, size_out = 4657 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png, size = 4657, size_out = 4657 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 4672 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa24
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, type = size, size_out = 25 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, size = 25, size_out = 25 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, size = 32 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb08
82
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, type = size, size_out = 82551925 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 11 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x150
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xae8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x528
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x728
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x610
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xc04
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini, size = 370, size_out = 370 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini, size = 384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x518
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x490
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, type = size, size_out = 1472 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, size = 1472, size_out = 1472 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, size = 1488 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x248
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, type = size, size_out = 1182 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, size = 1182, size_out = 1182 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, size = 1184 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xac4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, type = size, size_out = 1114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, size = 1114, size_out = 1114 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x384
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, type = size, size_out = 1134 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, size = 1134, size_out = 1134 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, size = 1136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb80
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, type = size, size_out = 1096 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 1096, size_out = 1096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 1104 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk, type = size, size_out = 1193 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\RyukReadMe.txt, size = 1193, size_out = 1193 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\RyukReadMe.txt, size = 1200 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x83c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, type = size, size_out = 186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, size = 186, size_out = 186 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, size = 192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, type = size, size_out = 1154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, size = 1154, size_out = 1154 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, size = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x854
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, size = 1122, size_out = 1122 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, size = 1136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcc0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, type = size, size_out = 2457 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 2457, size_out = 2457 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 2464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xca0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xee0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x808
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, type = size, size_out = 2598 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, size = 2598, size_out = 2598 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, size = 2608 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, type = size, size_out = 1158 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, size = 1158, size_out = 1158 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, size = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x774
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x858
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x8a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x954
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x7b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcb0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xefc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xff8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, type = size, size_out = 1158 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, size = 1158, size_out = 1158 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, size = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x780
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xf00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xee8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x790
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xa00
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1004
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1008
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, size = 25, size_out = 25 |
|
1 |
Thread 0x100c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk, type = size, size_out = 2349 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, size = 2349, size_out = 2349 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, size = 2352 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1010
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk, type = size, size_out = 2096 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk, size = 2096, size_out = 2096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk, size = 2112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1014
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk, size = 2114, size_out = 2114 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk, size = 2128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1018
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, type = size, size_out = 2072 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, size = 2072, size_out = 2072 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, size = 2080 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x101c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, type = size, size_out = 180 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, size = 180, size_out = 180 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, size = 192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1020
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, type = size, size_out = 176 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, size = 176, size_out = 176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, size = 192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1024
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, type = size, size_out = 170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, size = 170, size_out = 170 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, size = 176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1028
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x102c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1030
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1034
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1038
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x103c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1040
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1044
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1048
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x104c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, type = size, size_out = 2206 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, size = 2206, size_out = 2206 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, size = 2208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1050
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1054
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1058
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x105c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, type = size, size_out = 2456 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, size = 2456, size_out = 2456 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, size = 2464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1060
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1064
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1068
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x106c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1070
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, type = size, size_out = 2407 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, size = 2407, size_out = 2407 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, size = 2416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1074
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1078
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1084
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, type = size, size_out = 2462 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, size = 2462, size_out = 2462 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, size = 2464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1088
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, type = size, size_out = 2462 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, size = 2462, size_out = 2462 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, size = 2464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x108c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, type = size, size_out = 174 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, size = 174, size_out = 174 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, size = 176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1090
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, type = size, size_out = 1251 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, size = 1251, size_out = 1251 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, size = 1264 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1094
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, size = 450, size_out = 450 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, size = 464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1098
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, type = size, size_out = 1120 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, size = 1120, size_out = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, size = 1136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x109c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x10a4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x10ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10b0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10bc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10c0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10c4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10c8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10cc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10d0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10dc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10e0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10e4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10e8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10ec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10f0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10f4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, type = size, size_out = 16384 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, size = 16384, size_out = 16384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, size = 16400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10f8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, type = size, size_out = 4096 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, size = 4096, size_out = 4096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, size = 4112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x10fc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1100
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1104
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1108
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x110c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1110
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1114
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1118
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x111c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1144
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1148
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x114c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1158
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x115c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1160
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1164
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1168
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x116c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1194
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1198
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x119c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x11fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1200
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1204
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1208
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x120c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1210
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x121c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1220
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1224
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1228
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x122c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1230
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1234
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1238
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x123c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1240
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1244
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1248
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x124c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1250
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1254
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1258
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x125c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1270
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1274
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1278
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x127c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1280
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1284
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1288
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x128c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1290
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x129c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12c0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, type = size, size_out = 2618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, size = 2618, size_out = 2618 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, size = 2624 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk, type = size, size_out = 1357 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLandingStage\RyukReadMe.txt, size = 1357, size_out = 1357 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLandingStage\RyukReadMe.txt, size = 1360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLandingStage\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLandingStage\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1300
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1308
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x130c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x131c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x1320
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1324
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1328
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x132c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1330
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1334
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x133c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1340
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1344
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1348
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1354
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1358
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x135c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1360
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1364
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1368
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x136c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1370
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1374
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1378
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x137c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1380
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1384
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1388
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x138c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1390
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1394
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1398
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x139c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13d4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x13d8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x13dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x13e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x13e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x13e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x13ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x13f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x13f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x13f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x13fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1124
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1150
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x112c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, type = size, size_out = 444 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, size = 444, size_out = 444 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, size = 448 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x107c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1138
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x113c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1128
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1120
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x117c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x118c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1218
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1298
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb38
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe80
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe94
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x208
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303, type = size, size_out = 168 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303, size = 168, size_out = 168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303, size = 176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fc
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2dc
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x344
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x8b0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x700
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x584
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x778
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x95c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x830
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ec
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x634
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6fc
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x72c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3e4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x14c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfc
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe0c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x126c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12ec
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1338
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1268
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1174
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1184
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1214
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x96c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdd4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x368
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb68
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb18
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdc4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323, type = size, size_out = 136 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323, size = 136, size_out = 136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x998
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log, type = size, size_out = 24 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1170
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, type = size, size_out = 80 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, size = 80, size_out = 80 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, size = 96 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x13a8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, type = size, size_out = 80 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, size = 80, size_out = 80 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, size = 96 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1190
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, type = size, size_out = 233 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, size = 233, size_out = 233 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, size = 240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1180
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, type = size, size_out = 448 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, size = 448, size_out = 448 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, size = 464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd6c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, type = size, size_out = 358 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, size = 358, size_out = 358 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, size = 368 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x984
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, type = size, size_out = 80 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, size = 80, size_out = 80 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, size = 96 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, type = size, size_out = 80 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, size = 80, size_out = 80 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, size = 96 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1178
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x994
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xb34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xb1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x990
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x99c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xbb0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, type = size, size_out = 51 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, size = 51, size_out = 51 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, size = 64 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xba0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xbb4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, size = 642, size_out = 642 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, size = 656 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xbb8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, type = size, size_out = 654 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, size = 654, size_out = 654 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, size = 656 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xbbc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, type = size, size_out = 758 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, size = 758, size_out = 758 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, size = 768 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xbc0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, size = 642, size_out = 642 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, size = 656 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xbc4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm, type = size, size_out = 766 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\RyukReadMe.txt, size = 766, size_out = 766 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\RyukReadMe.txt, size = 768 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xbc8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, type = size, size_out = 654 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, size = 654, size_out = 654 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, size = 656 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xbcc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xbd0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xbd4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xbd8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xbdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xbe0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xbe4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xbe8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xbec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk, type = size, size_out = 1244 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 1244, size_out = 1244 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 1248 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xbf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xbf4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, size = 25, size_out = 25 |
|
1 |
Thread 0xbfc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, type = size, size_out = 1215 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, size = 1215, size_out = 1215 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, size = 1216 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xc20
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xd70
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, type = size, size_out = 1114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, size = 1114, size_out = 1114 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2e0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, type = size, size_out = 85 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, size = 85, size_out = 85 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, size = 96 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa90
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, type = size, size_out = 1156 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, size = 1156, size_out = 1156 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, size = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x484
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, type = size, size_out = 1096 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, size = 1096, size_out = 1096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, size = 1104 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc68
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1347 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 1347, size_out = 1347 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 1360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1350
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x13a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1264
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x12c4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, type = size, size_out = 1116 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, size = 1116, size_out = 1116 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x134c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, type = size, size_out = 1164 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, size = 1164, size_out = 1164 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, size = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1310
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12f8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1260
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 1116 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 1116, size_out = 1116 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x12bc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, type = size, size_out = 1168 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 1168, size_out = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 1184 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1294
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, type = size, size_out = 1144 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 1144, size_out = 1144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 1152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, type = size, size_out = 1140 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, size = 1140, size_out = 1140 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, size = 1152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x91c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xab4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, type = size, size_out = 1104 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, size = 1104, size_out = 1104 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x508
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, type = size, size_out = 1118 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 1118, size_out = 1118 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x464
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, type = size, size_out = 1108 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, size = 1108, size_out = 1108 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x440
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd30
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, type = size, size_out = 1116 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 1116, size_out = 1116 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xb84
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, type = size, size_out = 1114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 1114, size_out = 1114 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 1120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x45c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, type = size, size_out = 1132 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 1132, size_out = 1132 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 1136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xc6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x424
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xdc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xd50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x230
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xc9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xd5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xcb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xd38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xd34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xedc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1404
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1408
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x140c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1410
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1414
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1418
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x141c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1420
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1424
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1428
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x142c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1430
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1434
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1438
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x143c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1440
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1444
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1448
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x144c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1450
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1454
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1458
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x145c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1460
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1464
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1468
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x146c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1470
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1474
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1484
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1488
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x148c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1490
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1494
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1498
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x14fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1500
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1508
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x150c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x151c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1520
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, type = size, size_out = 102 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, size = 102, size_out = 102 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1524
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1538
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x153c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash, type = size, size_out = 102 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash, size = 102, size_out = 102 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1540
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1544
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1548
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, type = size, size_out = 102 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, size = 102, size_out = 102 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x154c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1564
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1568
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash, type = size, size_out = 102 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash, size = 102, size_out = 102 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x156c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1570
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1574
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1578
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x157c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1580
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1584
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1588
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x158c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1590
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1594
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1598
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x159c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15a4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, type = size, size_out = 413724 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, size = 413724, size_out = 413724 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, size = 413728 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x15fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1600
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1604
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1608
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x160c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1610
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1614
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1618
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x161c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1620
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1624
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1628
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x162c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1630
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1634
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1638
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x163c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1640
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1644
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1648
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x164c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1650
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1654
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, type = size, size_out = 113737 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, size = 113737, size_out = 113737 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, size = 113744 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1658
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, type = size, size_out = 1077377 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, size = 77377, size_out = 77377 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, size = 77392 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1664
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1668
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x166c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1678
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x167c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1680
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1684
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1688
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x168c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1690
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1694
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1700
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1704
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1708
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x170c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, type = size, size_out = 687 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, size = 687, size_out = 687 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, size = 688 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1710
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1714
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1718
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, type = size, size_out = 917504 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, size = 917504, size_out = 917504 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, size = 917520 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x171c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1720
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1724
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1728
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x172c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1734
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1738
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x173c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1740
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1744
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x1748
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x174c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml, type = size, size_out = 3728 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\RyukReadMe.txt, size = 3728, size_out = 3728 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\RyukReadMe.txt, size = 3744 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1750
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1758
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x175c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1760
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, type = size, size_out = 559 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, size = 559, size_out = 559 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, size = 560 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1764
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml, type = size, size_out = 1263 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml, size = 1263, size_out = 1263 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml, size = 1264 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1768
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1774
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1778
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x177c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, type = size, size_out = 343 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, size = 343, size_out = 343 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, size = 352 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1780
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, type = size, size_out = 5533 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, size = 5533, size_out = 5533 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, size = 5536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1784
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1788
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x178c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1790
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, type = size, size_out = 313 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, size = 313, size_out = 313 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, size = 320 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1794
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, type = size, size_out = 6536 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, size = 6536, size_out = 6536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, size = 6544 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1798
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x179c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17a8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, type = size, size_out = 579 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, size = 579, size_out = 579 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, size = 592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17ac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, type = size, size_out = 7989 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, size = 7989, size_out = 7989 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, size = 8000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17b0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17c0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, type = size, size_out = 555 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, size = 555, size_out = 555 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, size = 560 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17c4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, type = size, size_out = 976 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, size = 976, size_out = 976 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, size = 992 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17c8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17d4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, type = size, size_out = 203 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, size = 203, size_out = 203 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, size = 208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml, type = size, size_out = 2226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml, size = 2226, size_out = 2226 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml, size = 2240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17dc
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17e4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, type = size, size_out = 348 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, size = 348, size_out = 348 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, size = 352 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17e8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, type = size, size_out = 7340 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, size = 7340, size_out = 7340 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, size = 7344 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17ec
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa94
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, type = size, size_out = 348 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, size = 348, size_out = 348 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, size = 352 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa34
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml, type = size, size_out = 3356 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml, size = 3356, size_out = 3356 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml, size = 3360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x149c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x169c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, type = size, size_out = 313 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, size = 313, size_out = 313 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, size = 320 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16fc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, type = size, size_out = 2208 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, size = 2208, size_out = 2208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, size = 2224 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x152c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1698
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1554
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, type = size, size_out = 348 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, size = 348, size_out = 348 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, size = 352 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x165c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, type = size, size_out = 1821 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, size = 1821, size_out = 1821 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, size = 1824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1528
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1560
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1550
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, type = size, size_out = 348 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, size = 348, size_out = 348 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, size = 352 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1530
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, type = size, size_out = 3494 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, size = 3494, size_out = 3494 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, size = 3504 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17cc
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1770
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1674
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x176c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, type = size, size_out = 313 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, size = 313, size_out = 313 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, size = 320 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16ac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, type = size, size_out = 25497 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, size = 25497, size_out = 25497 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\RyukReadMe.txt, size = 25504 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1754
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, type = size, size_out = 271 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, size = 271, size_out = 271 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1670
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1730
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x16a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xfb4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x648
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd18
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, type = size, size_out = 1299 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, size = 1299, size_out = 1299 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, size = 1312 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xd14
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0xd10
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0xd0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xd08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xd04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1660
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xd00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xcfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xcf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1804
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1808
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x180c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1810
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1814
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1818
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x181c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1820
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1824
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1828
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x182c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1830
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, type = size, size_out = 34809 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, size = 34809, size_out = 34809 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, size = 34816 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1834
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1838
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x183c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1840
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1844
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1848
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x184c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1850
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1854
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1858
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x185c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1860
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1864
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1868
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x186c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1870
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1874
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1878
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x187c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1880
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1884
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1888
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x188c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1890
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1894
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1898
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x189c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18ac
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18b0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18d4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x18d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18e0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18e4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18e8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x18f4
22
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, type = size, size_out = 10707047 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x18fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1900
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1904
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1908
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x190c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1910
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1914
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1918
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x191c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1920
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1924
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1928
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x192c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1930
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1934
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1938
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1940
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1944
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1948
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x194c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1954
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1958
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x195c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1978
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x197c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1980
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1984
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1988
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x198c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1990
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1998
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x199c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x19f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 25, size_out = 25 |
|
1 |
Thread 0x19f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 25, size_out = 25 |
|
1 |
Thread 0x19fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a0c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a10
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, type = size, size_out = 1140 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, size = 1140, size_out = 1140 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, size = 1152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a14
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1140 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 1140, size_out = 1140 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 1152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a24
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 1122, size_out = 1122 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 1136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a38
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, type = size, size_out = 1156 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, size = 1156, size_out = 1156 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, size = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a74
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\RyukReadMe.txt, type = size, size_out = 2563 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\RyukReadMe.txt, size = 2563, size_out = 2563 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\RyukReadMe.txt, size = 2576 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a78
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, type = size, size_out = 2440 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 2440, size_out = 2440 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 2448 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a7c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, type = size, size_out = 2581 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, size = 2581, size_out = 2581 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, size = 2592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a80
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, type = size, size_out = 2576 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 2576, size_out = 2576 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 2592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a88
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, type = size, size_out = 2575 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, size = 2575, size_out = 2575 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, size = 2576 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a8c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, type = size, size_out = 2516 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, size = 2516, size_out = 2516 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, size = 2528 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a90
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, type = size, size_out = 2582 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\RyukReadMe.txt, size = 2582, size_out = 2582 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\RyukReadMe.txt, size = 2592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1a9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1aa0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1aa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1aa8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1aac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ab0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ab4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ab8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1abc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ac0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ac4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ac8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1acc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ad0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ad4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\RyukReadMe.txt, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 |
Thread 0x1ad8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1adc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ae0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ae4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ae8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1aec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1af4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, type = size, size_out = 841 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, size = 841, size_out = 841 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, size = 848 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1af8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1afc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b6c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, type = size, size_out = 22095 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, size = 22095, size_out = 22095 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, size = 22096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b74
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, type = size, size_out = 882628 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, size = 882628, size_out = 882628 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, size = 882640 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b78
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, type = size, size_out = 21009 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, size = 21009, size_out = 21009 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, size = 21024 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b80
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, type = size, size_out = 3688458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 688458, size_out = 688458 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 688464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b84
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, type = size, size_out = 22095 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, size = 22095, size_out = 22095 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, size = 22096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b8c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, type = size, size_out = 882628 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, size = 882628, size_out = 882628 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, size = 882640 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b90
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, type = size, size_out = 21009 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, size = 21009, size_out = 21009 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, size = 21024 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b98
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, type = size, size_out = 3688458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 688458, size_out = 688458 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 688464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1b9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ba0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ba4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ba8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bac
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, type = size, size_out = 106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, size = 106, size_out = 106 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bb0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bb4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, type = size, size_out = 128 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 128, size_out = 128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bc8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bcc
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, type = size, size_out = 106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, size = 106, size_out = 106 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bd0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bd4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bd8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, type = size, size_out = 414002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1be0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1be4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, type = size, size_out = 60762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, size = 60762, size_out = 60762 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, size = 60768 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1be8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, type = size, size_out = 2042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 2042, size_out = 2042 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 2048 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, type = size, size_out = 16226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, size = 16226, size_out = 16226 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, size = 16240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bf0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, type = size, size_out = 9818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, size = 9818, size_out = 9818 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, size = 9824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bf4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bf8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, type = size, size_out = 37518 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, size = 37518, size_out = 37518 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, size = 37520 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bfc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xccc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, type = size, size_out = 22114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, size = 22114, size_out = 22114 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, size = 22128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcf4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, type = size, size_out = 16974 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, size = 16974, size_out = 16974 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 16976 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcf0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, type = size, size_out = 346180 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, size = 346180, size_out = 346180 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, size = 346192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, type = size, size_out = 125526 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, size = 125526, size_out = 125526 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, size = 125536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xce0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, type = size, size_out = 2042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, size = 2042, size_out = 2042 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, size = 2048 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcdc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcd8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, type = size, size_out = 18454 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, size = 18454, size_out = 18454 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, size = 18464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcd4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, type = size, size_out = 1526 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, size = 1526, size_out = 1526 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, size = 1536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcd0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, type = size, size_out = 11048 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\RyukReadMe.txt, size = 11048, size_out = 11048 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\RyukReadMe.txt, size = 11056 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1518
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1514
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, type = size, size_out = 11146 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, size = 11146, size_out = 11146 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, size = 11152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x147c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1504
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, type = size, size_out = 96884 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, size = 96884, size_out = 96884 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, size = 96896 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x155c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1480
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1478
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, type = size, size_out = 26846 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, size = 26846, size_out = 26846 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, size = 26848 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1950
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x196c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, type = size, size_out = 32164 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, size = 32164, size_out = 32164 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, size = 32176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe34
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, type = size, size_out = 27520 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, size = 27520, size_out = 27520 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, size = 27536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1af0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, type = size, size_out = 25794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, size = 25794, size_out = 25794 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, size = 25808 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c04
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, type = size, size_out = 25794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, size = 25794, size_out = 25794 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, size = 25808 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c08
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, type = size, size_out = 2042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, size = 2042, size_out = 2042 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, size = 2048 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c10
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, type = size, size_out = 13374 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, size = 13374, size_out = 13374 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, size = 13376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c1c
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, type = size, size_out = 1175422 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, size = 175422, size_out = 175422 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, size = 175424 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c24
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, type = size, size_out = 78178 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, size = 78178, size_out = 78178 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, size = 78192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c2c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, type = size, size_out = 6772 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, size = 6772, size_out = 6772 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, size = 6784 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, type = size, size_out = 114018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, type = size, size_out = 1077666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1c48
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, type = size, size_out = 52 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 52, size_out = 52 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 64 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c4c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, type = size, size_out = 56 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 56, size_out = 56 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 64 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c50
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, type = size, size_out = 1565 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, size = 1565, size_out = 1565 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, size = 1568 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ca0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ca4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ca8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1cac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1cb0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1cb4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1cb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1cbc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1cc0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1cc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cc8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ccc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1cd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, type = size, size_out = 962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cd4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1cd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, type = size, size_out = 917794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ce0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ce4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ce8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1cec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1cf0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1cf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d08
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x1d0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, type = size, size_out = 4018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d18
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, type = size, size_out = 1822 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, size = 1822, size_out = 1822 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, size = 1824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d1c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, type = size, size_out = 1822 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, size = 1822, size_out = 1822 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, size = 1824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d2c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, type = size, size_out = 360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, size = 360, size_out = 360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, size = 368 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d30
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 360, size_out = 360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 368 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, type = size, size_out = 5810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d40
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, type = size, size_out = 3293 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, size = 3293, size_out = 3293 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, size = 3296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d44
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, type = size, size_out = 3293 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, size = 3293, size_out = 3293 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, size = 3296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, type = size, size_out = 6818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d54
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, type = size, size_out = 3031 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, size = 3031, size_out = 3031 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, size = 3040 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d58
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, type = size, size_out = 1824 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, size = 1824, size_out = 1824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, size = 1840 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d5c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml, type = size, size_out = 2309 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\RyukReadMe.txt, size = 2309, size_out = 2309 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\RyukReadMe.txt, size = 2320 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, type = size, size_out = 8274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d6c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, type = size, size_out = 4043 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, size = 4043, size_out = 4043 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, size = 4048 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d70
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, type = size, size_out = 3308 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, size = 3308, size_out = 3308 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, size = 3312 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d74
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, type = size, size_out = 1814 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, size = 1814, size_out = 1814 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, size = 1824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d94
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, type = size, size_out = 635 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, size = 635, size_out = 635 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, size = 640 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, type = size, size_out = 482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1d9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1da0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1da4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, type = size, size_out = 1648 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, size = 1648, size_out = 1648 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, size = 1664 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1da8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1dac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, type = size, size_out = 7618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1db0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1db4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, type = size, size_out = 7086 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, size = 7086, size_out = 7086 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, size = 7088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1dbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1dc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, type = size, size_out = 3634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1dc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1dc8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, type = size, size_out = 1818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, size = 1818, size_out = 1818 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, size = 1824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1dcc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, type = size, size_out = 1808 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, size = 1808, size_out = 1808 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, size = 1824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1dd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1dd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1dd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ddc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, type = size, size_out = 1635 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, size = 1635, size_out = 1635 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, size = 1648 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1de0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1de4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1de8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1dec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, type = size, size_out = 1046 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, size = 1046, size_out = 1046 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, size = 1056 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1df0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1df4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, type = size, size_out = 3778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1df8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1dfc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, type = size, size_out = 1844 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, size = 1844, size_out = 1844 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, size = 1856 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e00
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, type = size, size_out = 1842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, size = 1842, size_out = 1842 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, size = 1856 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, type = size, size_out = 25778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e14
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, type = size, size_out = 5829 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, size = 5829, size_out = 5829 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, size = 5840 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e18
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, type = size, size_out = 1414 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, size = 1414, size_out = 1414 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, size = 1424 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e1c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, type = size, size_out = 4120 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, size = 4120, size_out = 4120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, size = 4128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e20
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, type = size, size_out = 6205 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, size = 6205, size_out = 6205 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, size = 6208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e24
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, type = size, size_out = 6457 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, size = 6457, size_out = 6457 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, size = 6464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e28
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, type = size, size_out = 3431 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, size = 3431, size_out = 3431 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, size = 3440 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e2c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, type = size, size_out = 2367 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, size = 2367, size_out = 2367 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, size = 2368 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e34
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x1e38
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x1e3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e5c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, type = size, size_out = 158 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, size = 158, size_out = 158 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, size = 160 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e60
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, type = size, size_out = 110 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, size = 110, size_out = 110 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e64
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, type = size, size_out = 262 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, size = 262, size_out = 262 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ea4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ea8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1eac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1eb0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1eb4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1eb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ebc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, type = size, size_out = 35090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ec0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ec4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ec8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ecc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ed0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ed4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ed8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1edc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ee0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ee4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ee8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1eec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ef0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ef4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ef8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1efc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f60
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x1f64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f80
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, type = size, size_out = 10707341 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f84
170
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, type = size, size_out = 187772928 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 11 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f88
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, type = size, size_out = 3354624 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 354624, size_out = 354624 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 354640 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f8c
22
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, type = size, size_out = 12480512 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f90
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, type = size, size_out = 2519040 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 519040, size_out = 519040 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 519056 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f94
28
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, type = size, size_out = 4599808 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 599808, size_out = 599808 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 599824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1f9c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\RyukReadMe.txt, type = size, size_out = 294912 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\RyukReadMe.txt, size = 294912, size_out = 294912 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\RyukReadMe.txt, size = 294928 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fa0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, type = size, size_out = 552960 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, size = 552960, size_out = 552960 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 552976 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fa4
62
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, type = size, size_out = 59793408 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 11 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.txt, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fa8
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, type = size, size_out = 5488640 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fac
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, type = size, size_out = 1933064 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, size = 933064, size_out = 933064 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, size = 933072 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fd0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fd4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fd8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fdc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fe0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fe4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fe8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ff0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ff4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, type = size, size_out = 997054 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, size = 997054, size_out = 997054 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, size = 997056 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ff8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1ffc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xce4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x128
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1bbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1964
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1974
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x19e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d84
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, type = size, size_out = 1266512 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, size = 266512, size_out = 266512 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, size = 266528 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1960
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1bc4
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, type = size, size_out = 1034506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 34506, size_out = 34506 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 34512 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1c54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1d78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1994
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, type = size, size_out = 821681 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, size = 821681, size_out = 821681 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, size = 821696 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1970
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xce8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x948
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x193c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x420
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, type = size, size_out = 809765 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 809765, size_out = 809765 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 809776 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1db8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1534
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1558
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1b0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x8c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x17f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x9e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xa20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xa28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x870
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x9fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x9f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xa04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xa9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xaa0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xaa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xaa8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xaac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xab8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xabc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xac0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xaf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xaf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xafc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xb00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xb04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xb14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xb28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xa08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xa98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xe70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xfb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xfc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xfbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xfac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1ea0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e98
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1e90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1e7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1f98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xea0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1968
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1510
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1bc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x8cc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, type = size, size_out = 2722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1a54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1cfc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, type = size, size_out = 2465 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, size = 2465, size_out = 2465 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, size = 2480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1fb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1fbc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, type = size, size_out = 2802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xdbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xfd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xed4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2004
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2008
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x200c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2010
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2014
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2018
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x201c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2020
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2024
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2028
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x202c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2030
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2034
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2038
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x203c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2040
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2044
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2048
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x204c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2050
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2054
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2058
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x205c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2060
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2064
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2068
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x206c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2070
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2074
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2078
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x207c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2080
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2084
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2088
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x208c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2090
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2094
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2098
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x209c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x20fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2100
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2104
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2108
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, type = size, size_out = 31943 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, size = 31943, size_out = 31943 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, size = 31952 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x210c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2110
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, type = size, size_out = 1851601 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, size = 851601, size_out = 851601 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, size = 851616 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2114
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2118
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, type = size, size_out = 1067137 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, size = 67137, size_out = 67137 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, size = 67152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x211c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, type = size, size_out = 32205 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, size = 32205, size_out = 32205 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, size = 32208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2120
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2124
22
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, type = size, size_out = 9671548 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2128
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, type = size, size_out = 128 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, size = 128, size_out = 128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x212c
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, type = size, size_out = 5436944 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2130
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, type = size, size_out = 414002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2134
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, type = size, size_out = 42916 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, size = 42916, size_out = 42916 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, size = 42928 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2138
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, type = size, size_out = 61042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x213c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2140
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, type = size, size_out = 16514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2144
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, type = size, size_out = 10098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2148
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, type = size, size_out = 559370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, size = 559370, size_out = 559370 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, size = 559376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x214c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, type = size, size_out = 37794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2150
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, type = size, size_out = 106560 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, size = 106560, size_out = 106560 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, size = 106576 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2154
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, type = size, size_out = 22402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2158
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, type = size, size_out = 17250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x215c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, type = size, size_out = 346466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2160
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, type = size, size_out = 125810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2164
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2168
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, type = size, size_out = 99640 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, size = 99640, size_out = 99640 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, size = 99648 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x216c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, type = size, size_out = 18738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2170
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, type = size, size_out = 1810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2174
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, type = size, size_out = 11330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2178
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, type = size, size_out = 2310 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, size = 2310, size_out = 2310 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, size = 2320 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x217c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, type = size, size_out = 11426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2180
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, type = size, size_out = 99174 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, size = 99174, size_out = 99174 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, size = 99184 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2184
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, type = size, size_out = 97170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2188
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, type = size, size_out = 813604 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, size = 813604, size_out = 813604 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, size = 813616 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x218c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, type = size, size_out = 109708 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, size = 109708, size_out = 109708 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, size = 109712 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2190
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, type = size, size_out = 27122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2194
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, type = size, size_out = 35940 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, size = 35940, size_out = 35940 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, size = 35952 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2198
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, type = size, size_out = 32450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x219c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, type = size, size_out = 27810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21a0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21a4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x21ac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, type = size, size_out = 80552 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, size = 80552, size_out = 80552 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, size = 80560 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21b0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, type = size, size_out = 13650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, type = size, size_out = 744782 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, size = 744782, size_out = 744782 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, size = 744784 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, type = size, size_out = 194236 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, size = 194236, size_out = 194236 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, size = 194240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, type = size, size_out = 1175698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x21c0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, type = size, size_out = 92330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, size = 92330, size_out = 92330 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, size = 92336 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, type = size, size_out = 78466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x21c8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, type = size, size_out = 4084 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, size = 4084, size_out = 4084 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, size = 4096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21cc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, type = size, size_out = 7058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21d0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, type = size, size_out = 2816 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, size = 2816, size_out = 2816 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, size = 2832 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, type = size, size_out = 3004 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, size = 3004, size_out = 3004 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, size = 3008 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, type = size, size_out = 3304 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, size = 3304, size_out = 3304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, size = 3312 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21dc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, type = size, size_out = 3238 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, size = 3238, size_out = 3238 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, size = 3248 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, type = size, size_out = 114018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x21e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, type = size, size_out = 1077666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x21f0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x21f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x21f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, type = size, size_out = 1842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x21fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2200
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2204
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2208
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x220c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2210
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2214
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2218
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x221c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2220
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2224
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2228
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x222c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2230
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2234
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2238
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x223c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2240
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2244
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2248
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x224c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2250
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2254
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2258
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x225c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2260
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2264
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2268
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x226c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2270
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2274
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, type = size, size_out = 962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2278
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x227c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2280
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, type = size, size_out = 917794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2284
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2288
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x228c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2290
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2294
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x229c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x22a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x22ac
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x22b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x22b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, type = size, size_out = 4018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, type = size, size_out = 5810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, type = size, size_out = 6818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2300
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2304
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2308
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x230c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2310
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, type = size, size_out = 8274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2314
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2318
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 4322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x231c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2320
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2324
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2328
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x232c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2338
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x233c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, type = size, size_out = 482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2340
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2344
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2348
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x234c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2350
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, type = size, size_out = 7618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2354
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2358
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 7362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x235c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2360
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, type = size, size_out = 3634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2364
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2368
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2370
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2374
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2378
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x237c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2380
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2384
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2388
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x238c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2390
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2394
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2398
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, type = size, size_out = 3778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x239c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, type = size, size_out = 25778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 6114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 1698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 4402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, type = size, size_out = 6482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 6738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 3714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23d8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x23dc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x23e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xe30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x874
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x9f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2494
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2498
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x249c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x24a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x24a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x24a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x24ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, type = size, size_out = 35090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x24b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x24fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2500
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2504
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2508
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x250c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2510
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2514
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2518
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x251c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2520
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2524
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2528
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x252c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2530
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2534
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2538
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x253c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2540
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2544
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2548
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x254c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2550
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x2554
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2558
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x255c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2560
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2564
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2568
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x256c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2570
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, type = size, size_out = 187773223 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2574
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, type = size, size_out = 3354914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2578
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, type = size, size_out = 12480806 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x257c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, type = size, size_out = 2519330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2580
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, type = size, size_out = 4600098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2584
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, type = size, size_out = 295202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2588
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, type = size, size_out = 553250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x258c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, type = size, size_out = 10707341 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2590
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, type = size, size_out = 59793703 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2594
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, type = size, size_out = 5488934 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2598
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, type = size, size_out = 1933346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x259c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25c8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, type = size, size_out = 997330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25cc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = size, size_out = 143360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 143360, size_out = 143360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\RyukReadMe.txt, size = 143376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25d4
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, type = size, size_out = 5800228 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x25e4
16
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, type = size, size_out = 1462871 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 462871, size_out = 462871 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 462880 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25ec
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, type = size, size_out = 5588256 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25f4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, type = size, size_out = 1266802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25f8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = size, size_out = 147456 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\RyukReadMe.txt, size = 147456, size_out = 147456 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\RyukReadMe.txt, size = 147472 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x25fc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, type = size, size_out = 1034786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2600
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = size, size_out = 143360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 143360, size_out = 143360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\RyukReadMe.txt, size = 143376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2604
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, type = size, size_out = 5153816 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2608
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x260c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, type = size, size_out = 821970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2610
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = size, size_out = 151552 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 151552, size_out = 151552 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 151568 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2614
28
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, type = size, size_out = 4988786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, size = 988786, size_out = 988786 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, size = 988800 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2618
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x261c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2620
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, type = size, size_out = 810050 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2624
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = size, size_out = 151552 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 151552, size_out = 151552 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 151568 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2628
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, type = size, size_out = 5881317 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.txt, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x262c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2630
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2634
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2638
28
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, type = size, size_out = 4932896 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 932896, size_out = 932896 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 932912 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x263c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2640
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, type = size, size_out = 1076 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, size = 1076, size_out = 1076 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, size = 1088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2644
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, type = size, size_out = 1072 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, size = 1072, size_out = 1072 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, size = 1088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2648
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, type = size, size_out = 1075 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, size = 1075, size_out = 1075 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, size = 1088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x264c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2650
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2654
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2658
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x265c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2660
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2664
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2668
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x266c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2670
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2674
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2678
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x267c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2680
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2684
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2688
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x268c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2690
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2694
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2698
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x269c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\RyukReadMe.txt, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 |
Thread 0x26f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x26fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2700
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2704
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2708
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x270c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2710
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2714
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2718
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x271c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2720
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2724
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, type = size, size_out = 2722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2728
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x272c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2730
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2734
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2738
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 2802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x273c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2740
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2744
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2748
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x274c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2750
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2754
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2758
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x275c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2760
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2764
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2768
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x276c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2770
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2774
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2778
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x277c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2780
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2784
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2788
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x278c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2790
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2794
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2798
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x279c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x27fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2408
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x240c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x23a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2334
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2298
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x236c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2404
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x22f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2330
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x604
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2414
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2424
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x243c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2440
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x241c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x242c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2434
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2430
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2438
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2418
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2420
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2804
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2808
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 32226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x280c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2810
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, type = size, size_out = 1851890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2814
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2818
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 1067426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x281c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 32482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2820
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2824
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, type = size, size_out = 9671842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2828
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x282c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 5437238 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2830
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, type = size, size_out = 414002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2834
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 43202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2838
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, type = size, size_out = 61042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x283c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2840
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 16514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2844
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, type = size, size_out = 10098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2848
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 559650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x284c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, type = size, size_out = 37794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2850
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 106850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2854
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, type = size, size_out = 22402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2858
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, type = size, size_out = 17250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x285c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, type = size, size_out = 346466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2860
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, type = size, size_out = 125810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2864
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2868
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x286c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, type = size, size_out = 18738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2870
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 1810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2874
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, type = size, size_out = 11330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2878
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x287c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, type = size, size_out = 11426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2880
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2884
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, type = size, size_out = 97170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2888
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, type = size, size_out = 813890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2894
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, type = size, size_out = 109986 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2898
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, type = size, size_out = 27122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x289c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 36226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, type = size, size_out = 32450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, type = size, size_out = 27810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 80834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, type = size, size_out = 13650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 745058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 194514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, type = size, size_out = 1175698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 92610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, type = size, size_out = 78466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, type = size, size_out = 7058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, type = size, size_out = 3106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28e8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, type = size, size_out = 3282 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x28ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, type = size, size_out = 3522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, type = size, size_out = 114018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, type = size, size_out = 1077666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2904
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2908
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, type = size, size_out = 1842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x290c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2910
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2914
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2918
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x291c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2920
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2924
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2928
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x292c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2930
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2934
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2938
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x293c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2940
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2944
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2948
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x294c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2950
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2954
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2958
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x295c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2960
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2964
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2968
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x296c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2970
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2974
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2978
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x297c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2980
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2984
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, type = size, size_out = 962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2988
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x298c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2994
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, type = size, size_out = 917794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2998
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x299c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x29a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x29a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x29a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x29ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x29b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x29bc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x29c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x29c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, type = size, size_out = 4018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, type = size, size_out = 5810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x29fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, type = size, size_out = 6818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, type = size, size_out = 8274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 4322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, type = size, size_out = 482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, type = size, size_out = 7618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 7362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, type = size, size_out = 3634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2aa0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2aa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, type = size, size_out = 3778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2aa8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2aac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ab0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ab4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ab8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, type = size, size_out = 25778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2abc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ac0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 6114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ac4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 1698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ac8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 4402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2acc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, type = size, size_out = 6482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ad0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, type = size, size_out = 6738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ad4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, type = size, size_out = 3714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ad8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, type = size, size_out = 2642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2adc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2af4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x2af8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x2afc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2b64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2b68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2b6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2b70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2b74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2b78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, type = size, size_out = 35090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2b80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ba0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ba4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ba8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2be0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2be4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2be8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2bfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2428
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x7ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2aec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2890
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x2900
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2a14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2990
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x288c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, type = size, size_out = 187773223 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, type = size, size_out = 3354914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ae4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, type = size, size_out = 12480806 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, type = size, size_out = 2519330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, type = size, size_out = 4600098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, type = size, size_out = 295202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, type = size, size_out = 553250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ae0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, type = size, size_out = 10707341 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, type = size, size_out = 59793703 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ae8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, type = size, size_out = 5488934 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, type = size, size_out = 1933346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2b58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2af0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2b5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 997330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c24
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5800522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c30
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, type = size, size_out = 151552 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 151552, size_out = 151552 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 151568 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1463154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c40
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = size, size_out = 147456 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 147456, size_out = 147456 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 147472 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5588550 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c48
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, type = size, size_out = 143360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 143360, size_out = 143360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 143376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 1266802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c50
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1034786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c58
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 5154110 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c60
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, type = size, size_out = 151552 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 151552, size_out = 151552 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 151568 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 821970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c68
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4989074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c70
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, type = size, size_out = 143360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 143360, size_out = 143360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\SoftwareDistribution\RyukReadMe.txt, size = 143376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\SoftwareDistribution\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\SoftwareDistribution\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 810050 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c7c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5881611 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c84
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, type = size, size_out = 143360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 143360, size_out = 143360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 143376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4933186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c94
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, type = size, size_out = 143360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 143360, size_out = 143360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 143376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2c98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2c9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ca0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ca4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2ca8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ccc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ce0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ce4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ce8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2cfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, type = size, size_out = 2722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, type = size, size_out = 2802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2d9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2da0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2da4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2da8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2db0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2db4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2db8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ddc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2de0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2de4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2de8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2df0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2df4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2df8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2dfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2e9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ea0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ea4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, type = size, size_out = 614 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, size = 614, size_out = 614 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, size = 624 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2ea8
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, type = size, size_out = 6036245 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2eac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2eb0
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, type = size, size_out = 3787815 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 787815, size_out = 787815 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 787824 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2eb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 32226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2eb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ebc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, type = size, size_out = 1851890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ec0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ec4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 1067426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ec8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 32482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ecc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ed0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, type = size, size_out = 9671842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ed4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ed8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 5437238 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2edc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, type = size, size_out = 414002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ee0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 43202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ee4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, type = size, size_out = 61042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ee8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2eec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 16514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ef0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, type = size, size_out = 10098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ef4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 559650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2ef8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, type = size, size_out = 37794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2efc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 106850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, type = size, size_out = 22402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, type = size, size_out = 17250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, type = size, size_out = 346466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, type = size, size_out = 125810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, type = size, size_out = 18738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 1810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, type = size, size_out = 11330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, type = size, size_out = 11426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, type = size, size_out = 97170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 813890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 109986 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, type = size, size_out = 27122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 36226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, type = size, size_out = 32450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, type = size, size_out = 27810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 80834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, type = size, size_out = 13650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 745058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 194514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, type = size, size_out = 1175698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 92610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, type = size, size_out = 78466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, type = size, size_out = 7058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, type = size, size_out = 3106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, type = size, size_out = 3282 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, type = size, size_out = 3522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, type = size, size_out = 114018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, type = size, size_out = 1077666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2f9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, type = size, size_out = 1842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2fa0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fa4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fa8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fb0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fb4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fbc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fc0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fc4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fc8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fcc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fd0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fd4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fd8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fdc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fe0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fe4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fe8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2fec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2ff0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2ff4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2ff8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2ffc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1140
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2490
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3004
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3008
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x300c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3010
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3014
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, type = size, size_out = 962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3018
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x301c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3020
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, type = size, size_out = 917794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3024
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3028
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x302c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3030
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3034
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3038
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\RyukReadMe.txt, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 |
Thread 0x303c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3040
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3044
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3048
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\RyukReadMe.txt, type = size, size_out = 0 |
|
2 |
Thread 0x304c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3050
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, type = size, size_out = 4018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3054
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3058
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x305c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3060
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3064
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3068
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x306c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3070
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3074
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3078
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, type = size, size_out = 5810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x307c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3080
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3084
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3088
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x308c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, type = size, size_out = 6818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3090
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3094
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3098
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x309c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, type = size, size_out = 8274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 4322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, type = size, size_out = 482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, type = size, size_out = 7618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 7362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, type = size, size_out = 3634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x30fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3100
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3104
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3108
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x310c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3110
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3114
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3118
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x311c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3120
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, type = size, size_out = 3778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3124
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3128
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x312c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3130
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3134
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, type = size, size_out = 25778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3138
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x313c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 6114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3140
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 1698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3144
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 4402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3148
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, type = size, size_out = 6482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x314c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, type = size, size_out = 6738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3150
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, type = size, size_out = 3714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3154
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, type = size, size_out = 2642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3158
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x315c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x3160
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x3164
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3168
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x316c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3170
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3174
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3178
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x317c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3180
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3184
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3188
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x318c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3190
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x31ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x31b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x31b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x31b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x31bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x31c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, type = size, size_out = 35090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x31cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3200
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3204
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3208
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x320c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3210
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3214
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3218
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x321c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3220
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3224
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3228
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x322c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3230
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3234
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3238
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x323c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3240
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3244
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3248
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x324c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3250
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3254
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3258
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x325c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3260
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3264
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3268
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x326c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x3270
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3274
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3278
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x327c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3280
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3284
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3288
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x328c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, type = size, size_out = 187773223 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3290
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, type = size, size_out = 3354914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3294
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, type = size, size_out = 12480806 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3298
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, type = size, size_out = 2519330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x329c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, type = size, size_out = 4600098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, type = size, size_out = 295202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, type = size, size_out = 553250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 10707341 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, type = size, size_out = 59793703 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, type = size, size_out = 5488934 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\RtSigs\Data\RyukReadMe.txt, type = size, size_out = 1933346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\RtSigs\Data\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 |
Thread 0x32b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x32c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x32d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x32d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x32d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x32dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x32e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 997330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5800522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3300
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3304
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3308
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1463154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x330c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3310
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5588550 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3314
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3318
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 1266802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x331c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3328
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1034786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x332c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3330
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 5154110 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3334
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x333c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 821970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3340
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3344
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4989074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3348
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x334c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3350
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 810050 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3354
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3358
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5881611 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x335c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3360
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3364
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3368
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4933186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x336c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3370
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3374
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3378
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x337c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3380
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3384
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3388
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3394
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3398
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x339c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3194
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x414
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xd7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3338
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3404
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3408
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x340c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3410
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3414
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3418
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x341c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3420
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3424
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3428
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x342c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3430
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3434
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3438
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x343c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3440
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3444
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3448
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x344c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3450
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3454
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3458
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, type = size, size_out = 2722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x345c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3464
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3468
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x346c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3470
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, type = size, size_out = 2802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3474
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3478
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x347c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3480
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3484
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3488
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x348c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3490
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3494
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3498
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x349c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x34fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3500
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3504
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3508
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x350c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3510
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3514
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3518
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x351c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3520
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3524
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3528
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x352c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3530
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3534
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3538
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x353c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3540
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3544
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3548
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x354c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3550
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3554
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3558
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x355c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3560
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3564
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3568
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x356c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3570
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3574
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3578
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x357c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3580
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3584
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, type = size, size_out = 898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3588
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, type = size, size_out = 6036539 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x358c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, type = size, size_out = 614 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, size = 614, size_out = 614 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, size = 624 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3590
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, type = size, size_out = 3788098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3594
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 32226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3598
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x359c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, type = size, size_out = 1851890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 1067426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 32482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, type = size, size_out = 9671842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 5437238 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, type = size, size_out = 414002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 43202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, type = size, size_out = 61042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 16514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, type = size, size_out = 10098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 559650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, type = size, size_out = 37794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 106850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, type = size, size_out = 22402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, type = size, size_out = 17250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, type = size, size_out = 346466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, type = size, size_out = 125810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, type = size, size_out = 18738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3600
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 1810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3604
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, type = size, size_out = 11330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3608
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x360c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, type = size, size_out = 11426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3610
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3614
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, type = size, size_out = 97170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3618
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 813890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x361c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 109986 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3620
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, type = size, size_out = 27122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3624
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 36226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3628
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, type = size, size_out = 32450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x362c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, type = size, size_out = 27810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3630
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3634
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3638
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x363c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 80834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3640
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, type = size, size_out = 13650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3644
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 745058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3648
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 194514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x364c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, type = size, size_out = 1175698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3650
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 92610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3654
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, type = size, size_out = 78466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3658
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x365c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, type = size, size_out = 7058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3660
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, type = size, size_out = 3106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3664
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, type = size, size_out = 3282 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3668
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x366c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, type = size, size_out = 3522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3670
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, type = size, size_out = 114018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3674
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, type = size, size_out = 1077666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3678
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x367c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3680
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, type = size, size_out = 1842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3684
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3688
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x368c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3690
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3694
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3698
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x369c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x36fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3700
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, type = size, size_out = 962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3704
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3708
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x370c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, type = size, size_out = 917794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3710
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3714
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3718
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x371c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3720
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3724
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3728
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x372c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3730
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3734
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x3738
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3744
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, type = size, size_out = 4018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3748
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x374c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3750
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3754
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3758
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x375c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3760
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3764
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3768
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x376c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, type = size, size_out = 5810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3770
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3774
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3778
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x377c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3780
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, type = size, size_out = 6818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3784
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3788
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x378c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3790
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3794
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3798
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, type = size, size_out = 8274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x379c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 4322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, type = size, size_out = 482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, type = size, size_out = 7618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 7362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, type = size, size_out = 3634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x37fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3324
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3320
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xc7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, type = size, size_out = 3778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xc74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x319c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3198
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, type = size, size_out = 25778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3804
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3808
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 6114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x380c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 1698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3810
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 4402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3814
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, type = size, size_out = 6482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3818
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, type = size, size_out = 6738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x381c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, type = size, size_out = 3714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3820
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, type = size, size_out = 2642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3824
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3828
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x382c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x3830
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3834
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3838
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x383c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3840
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3844
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3848
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x384c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3850
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3854
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3858
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x385c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3864
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3868
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x386c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3870
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3874
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3878
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x387c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, type = size, size_out = 35090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3880
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3884
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3888
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x388c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3890
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3894
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3898
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x389c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x38fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3900
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3904
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3908
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x390c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3910
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3914
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3918
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x391c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3920
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x3924
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3928
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x392c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3930
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3934
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3938
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x393c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3940
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, type = size, size_out = 187773223 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3944
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, type = size, size_out = 3354914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3948
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, type = size, size_out = 12480806 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x394c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, type = size, size_out = 2519330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3950
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, type = size, size_out = 4600098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3954
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, type = size, size_out = 295202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3958
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, type = size, size_out = 553250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x395c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, type = size, size_out = 10707341 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3960
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, type = size, size_out = 59793703 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3964
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, type = size, size_out = 5488934 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3968
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, type = size, size_out = 1933346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x396c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3970
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3974
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3978
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x397c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3980
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3984
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3988
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x398c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3990
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3994
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3998
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 997330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x399c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5800522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1463154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5588550 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 1266802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1034786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 5154110 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 821970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4989074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 810050 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5881611 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x39fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4933186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3a20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3a9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3aa0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3aa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3aa8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3aac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ab0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ab4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ab8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3abc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ac0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ac4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ac8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3acc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ad0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ad4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ad8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3adc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ae0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ae4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ae8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3aec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3af0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3af4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, type = size, size_out = 2722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3af8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3afc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, type = size, size_out = 2802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3b9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ba0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ba4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ba8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3be0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3be4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3be8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3bfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x32bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x31a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2464
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2460
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x28c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x868
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x238
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, type = size, size_out = 898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x930
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, type = size, size_out = 6036539 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x120
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, type = size, size_out = 898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x314
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, type = size, size_out = 3788098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x614
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 32226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x928
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x918
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, type = size, size_out = 1851890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xa48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x43c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 1067426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 32482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x478
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x428
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, type = size, size_out = 9671842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3740
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xdac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 5437238 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3390
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, type = size, size_out = 414002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x373c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 43202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3460
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, type = size, size_out = 61042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x36e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x338c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 16514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x35a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, type = size, size_out = 10098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 559650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x33dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, type = size, size_out = 37794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 106850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, type = size, size_out = 22402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, type = size, size_out = 17250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, type = size, size_out = 346466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, type = size, size_out = 125810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, type = size, size_out = 18738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 1810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, type = size, size_out = 11330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, type = size, size_out = 11426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, type = size, size_out = 97170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 813890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 109986 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, type = size, size_out = 27122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 36226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, type = size, size_out = 32450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, type = size, size_out = 27810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 80834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, type = size, size_out = 13650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 745058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 194514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, type = size, size_out = 1175698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 92610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, type = size, size_out = 78466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, type = size, size_out = 7058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, type = size, size_out = 3106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, type = size, size_out = 3282 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, type = size, size_out = 3522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, type = size, size_out = 114018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, type = size, size_out = 1077666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ca0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ca4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, type = size, size_out = 1842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ca8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cb0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cb4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cbc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cc0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cc4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cc8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3ccc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cd0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cd4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cd8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cdc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3ce0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3ce4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3ce8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cf0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cf4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cf8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3cfc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, type = size, size_out = 962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, type = size, size_out = 917794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d54
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x3d58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, type = size, size_out = 4018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, type = size, size_out = 5810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, type = size, size_out = 6818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3d9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3da0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3da4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3da8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3db0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, type = size, size_out = 8274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3db4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3db8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 4322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, type = size, size_out = 482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ddc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3de0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3de4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3de8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, type = size, size_out = 7618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3df0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 7362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3df4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3df8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, type = size, size_out = 3634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3dfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, type = size, size_out = 3778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, type = size, size_out = 25778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 6114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 1698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 4402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, type = size, size_out = 6482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, type = size, size_out = 6738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, type = size, size_out = 3714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, type = size, size_out = 2642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e68
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x3e6c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x3e70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3e9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3eb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3ebc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3ec0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3ec4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3ec8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3ecc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3ed0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, type = size, size_out = 35090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ed8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3edc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ee0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ee4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ee8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3eec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ef0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ef4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ef8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3efc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f78
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x3f7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, type = size, size_out = 187773223 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, type = size, size_out = 3354914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fa0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, type = size, size_out = 12480806 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, type = size, size_out = 2519330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fa8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, type = size, size_out = 4600098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, type = size, size_out = 295202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, type = size, size_out = 553250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, type = size, size_out = 10707341 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, type = size, size_out = 59793703 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, type = size, size_out = 5488934 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, type = size, size_out = 1933346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fd0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3fd4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3fd8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3fdc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3fe0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3fe8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3fec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ff0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ff4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ff8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 997330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ffc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x55c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0xc2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5800522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ea0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3eb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4004
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x400c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1463154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4010
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4014
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5588550 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4018
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x401c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 1266802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4020
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4024
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1034786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4028
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4034
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 5154110 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4038
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x403c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 821970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4040
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4044
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4989074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4048
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x404c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4050
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 810050 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4054
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4060
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5881611 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4064
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4068
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x406c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4070
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4933186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4074
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4078
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x407c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4080
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4084
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4088
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x408c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4090
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4094
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4098
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4100
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4104
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4108
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x410c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4110
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4114
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4118
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x411c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4120
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4124
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4128
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x412c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4130
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4134
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4138
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x413c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4140
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4144
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4148
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x414c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4150
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4154
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4158
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x415c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4160
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4164
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4168
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x416c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, type = size, size_out = 2722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4170
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4174
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4178
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x417c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4180
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, type = size, size_out = 2802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4184
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4188
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x418c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4190
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4194
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4198
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x419c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4200
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4204
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4208
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x420c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4210
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4214
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4218
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x421c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4220
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4224
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4228
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x422c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4230
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4234
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4238
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x423c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4240
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4244
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4248
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x424c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4250
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4254
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4258
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x425c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4260
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4264
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4268
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x426c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4270
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4274
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4278
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x427c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4280
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4284
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4288
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x428c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4290
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4294
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4298
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x429c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, type = size, size_out = 898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, type = size, size_out = 6036539 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, type = size, size_out = 898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, type = size, size_out = 3788098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 32226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, type = size, size_out = 1851890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 1067426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 32482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, type = size, size_out = 9671842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 5437238 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, type = size, size_out = 414002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 43202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, type = size, size_out = 61042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 16514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, type = size, size_out = 10098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 559650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, type = size, size_out = 37794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 106850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, type = size, size_out = 22402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4300
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, type = size, size_out = 17250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4304
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, type = size, size_out = 346466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4308
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, type = size, size_out = 125810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x430c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4310
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4314
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, type = size, size_out = 18738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4318
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 1810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x431c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, type = size, size_out = 11330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4320
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4324
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, type = size, size_out = 11426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4328
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x432c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, type = size, size_out = 97170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4330
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 813890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4334
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 109986 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4338
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, type = size, size_out = 27122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x433c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 36226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4340
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, type = size, size_out = 32450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4344
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, type = size, size_out = 27810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4348
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x434c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4350
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4354
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 80834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4358
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, type = size, size_out = 13650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x435c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 745058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4360
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 194514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4364
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, type = size, size_out = 1175698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4368
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 92610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x436c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, type = size, size_out = 78466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4370
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4374
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, type = size, size_out = 7058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4378
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, type = size, size_out = 3106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x437c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, type = size, size_out = 3282 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4380
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4384
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, type = size, size_out = 3522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4388
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, type = size, size_out = 114018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x438c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, type = size, size_out = 1077666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4390
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4394
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4398
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, type = size, size_out = 1842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x439c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x43fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3fe4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x405c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4404
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4408
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x440c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4410
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, type = size, size_out = 962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4414
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4418
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x441c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, type = size, size_out = 917794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4420
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4424
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4428
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x442c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4430
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x443c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4440
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4444
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4448
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x444c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x4450
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4454
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, type = size, size_out = 4018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4458
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x445c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4460
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4464
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4468
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x446c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4470
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4474
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4478
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x447c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, type = size, size_out = 5810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4480
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4484
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4488
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x448c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4490
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, type = size, size_out = 6818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4494
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4498
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x449c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, type = size, size_out = 8274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 4322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, type = size, size_out = 482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, type = size, size_out = 7618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 7362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, type = size, size_out = 3634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4500
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4504
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4508
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x450c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4510
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4514
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4518
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x451c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4520
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4524
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4528
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, type = size, size_out = 3778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x452c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4530
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4534
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4538
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x453c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, type = size, size_out = 25778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4540
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4544
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 6114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4548
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 1698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x454c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 4402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4550
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, type = size, size_out = 6482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4554
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, type = size, size_out = 6738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4558
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, type = size, size_out = 3714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x455c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, type = size, size_out = 2642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4560
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4564
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x4568
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x456c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4570
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4574
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4578
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x457c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4580
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4584
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4588
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x458c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4590
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4594
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4598
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x459c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x45a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x45a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x45a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x45ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x45b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x45b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, type = size, size_out = 35090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x45bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x45fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4600
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4604
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4608
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x460c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4610
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4614
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4618
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x461c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4620
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4624
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4628
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x462c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4630
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4634
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4638
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x463c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4640
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4644
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4648
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x464c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4650
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4654
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4658
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x465c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4660
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4664
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4668
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x466c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4670
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4674
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4678
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, type = size, size_out = 187773223 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x467c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, type = size, size_out = 3354914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4680
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, type = size, size_out = 12480806 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4684
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, type = size, size_out = 2519330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4688
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, type = size, size_out = 4600098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x468c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, type = size, size_out = 295202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4690
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, type = size, size_out = 553250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4694
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, type = size, size_out = 10707341 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4698
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, type = size, size_out = 59793703 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x469c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, type = size, size_out = 5488934 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, type = size, size_out = 1933346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x46b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x46b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x46b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x46bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x46c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x46c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 997330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5800522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1463154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5588550 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x46fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 1266802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4700
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4704
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1034786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4708
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x470c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 5154110 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4710
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4714
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 821970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4718
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x471c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4989074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4720
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4724
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4728
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 810050 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x472c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4730
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5881611 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4734
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4738
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x473c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4740
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4933186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4744
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4748
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x474c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4750
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4754
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4758
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x475c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4760
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4764
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4768
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x476c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4770
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4774
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4778
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x477c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4780
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4784
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4788
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x478c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4790
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4794
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4798
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x479c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x47fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ea8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ed4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4008
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3fcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3ea4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3eb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4438
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3eac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x44f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, type = size, size_out = 2722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4030
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4804
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4808
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x480c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4810
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, type = size, size_out = 2802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4814
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4818
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x481c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4820
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4824
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4828
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x482c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4830
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4834
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4838
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x483c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4840
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4844
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4848
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x484c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4850
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4854
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4858
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x485c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4860
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4864
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4868
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x486c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4870
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4874
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4878
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x487c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4880
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4884
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4888
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x488c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4890
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4894
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4898
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x489c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Desktop\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Desktop\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Desktop\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Desktop\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Desktop\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Desktop\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Documents\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Documents\desktop.ini.RYK, type = size, size_out = 562 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Documents\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Documents\My Music\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Documents\My Music\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Documents\My Music\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Documents\My Pictures\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Documents\My Pictures\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Documents\My Pictures\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Documents\My Videos\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Documents\My Videos\desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Documents\My Videos\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x48fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\8C296B8E-6699-457C-9415-3D0647E1D775\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4900
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 22370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4904
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4908
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 882914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x490c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 21298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4910
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4914
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 3688738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4918
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x491c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, type = size, size_out = 2258 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4920
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4924
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, type = size, size_out = 898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4928
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, type = size, size_out = 6036539 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x492c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, type = size, size_out = 898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4930
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, type = size, size_out = 3788098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4934
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, type = size, size_out = 32226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\MasterDescriptor.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4938
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\s641033.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x493c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, type = size, size_out = 1851890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\Stream.Platform.Culture.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4940
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4944
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, type = size, size_out = 1067426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\en-us.16\stream.x64.en-us.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4948
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, type = size, size_out = 32482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\MasterDescriptor.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x494c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\s640.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4950
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, type = size, size_out = 9671842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\Stream.Platform.x-none.man.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4954
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.hash.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4958
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, type = size, size_out = 5437238 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\ProductReleases\46750A92-D768-415D-ABAC-A9B18903B159\x-none.16\stream.x64.x-none.man.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x495c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, type = size, size_out = 414002 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4960
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 43202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4964
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, type = size, size_out = 61042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4968
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x496c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 16514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4970
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, type = size, size_out = 10098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4974
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 559650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4978
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, type = size, size_out = 37794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x497c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 106850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4980
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, type = size, size_out = 22402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4984
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, type = size, size_out = 17250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4988
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, type = size, size_out = 346466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x498c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, type = size, size_out = 125810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4990
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4994
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4998
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, type = size, size_out = 18738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x499c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 1810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, type = size, size_out = 11330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, type = size, size_out = 11426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 99458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, type = size, size_out = 97170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 813890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 109986 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, type = size, size_out = 27122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 36226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, type = size, size_out = 32450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, type = size, size_out = 27810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, type = size, size_out = 26082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, type = size, size_out = 2322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 80834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, type = size, size_out = 13650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 745058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 194514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, type = size, size_out = 1175698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, type = size, size_out = 92610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, type = size, size_out = 78466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, type = size, size_out = 7058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x49fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, type = size, size_out = 3106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, type = size, size_out = 3282 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, type = size, size_out = 3522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, type = size, size_out = 114018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, type = size, size_out = 1077666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_427a1946-e0ff-4097-8c9e-ca2c1e22780b.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, type = size, size_out = 1842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Crypto\SystemKeys\6d00fa390c15cc4634c8ca8153b76f29_911499c7-ef29-47ed-a64c-6b1751f20848.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml, destination_filename = C:\Documents and Settings\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, type = size, size_out = 2898 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json, destination_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\cfc.flights.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json, destination_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4a98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, type = size, size_out = 962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4a9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json, destination_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4aa0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4aa4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, type = size, size_out = 917794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4aa8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events00.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events00.rbs, destination_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events00.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4aac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events01.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events01.rbs, destination_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events01.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4ab0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events10.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events10.rbs, destination_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events10.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4ab4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events11.rbs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events11.rbs, destination_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\events11.rbs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4ab8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\parse.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\parse.dat, destination_filename = C:\Documents and Settings\All Users\Microsoft\Diagnosis\parse.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4abc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\MF\Active.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\MF\Active.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\MF\Active.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ac0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\MF\Pending.GRL.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\MF\Pending.GRL.RYK, type = size, size_out = 15250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\MF\Pending.GRL.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ac4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr0.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr0.dat, destination_filename = C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr0.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4ac8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr1.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr1.dat, destination_filename = C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr1.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4acc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Office\ClickToRunPackageLocker.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Office\ClickToRunPackageLocker.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x4ad0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\countrytable.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\countrytable.xml, destination_filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\countrytable.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4ad4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, type = size, size_out = 4018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ad8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4adc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ae0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ae4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ae8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4aec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4af0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4af4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4af8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4afc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, type = size, size_out = 5810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, type = size, size_out = 6818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 3314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, type = size, size_out = 8274 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 4322 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 3586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, type = size, size_out = 834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, type = size, size_out = 482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, type = size, size_out = 7618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 7362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, type = size, size_out = 3634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, type = size, size_out = 2098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4b9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 1330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ba0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, type = size, size_out = 626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ba4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, type = size, size_out = 3778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ba8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 2130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, type = size, size_out = 594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, type = size, size_out = 25778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\customizations.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\MasterDatastore.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, type = size, size_out = 6114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_0.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, type = size, size_out = 1698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_1.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, type = size, size_out = 4402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_2.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, type = size, size_out = 6482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_3.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, type = size, size_out = 6738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_4.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, type = size, size_out = 3714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_5.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, type = size, size_out = 2642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\Power_6.provxml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4be0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\Administrator.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\Administrator.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x4be4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\CIiHmnxMn6Ps.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x4be8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\guest.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\guest.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\guest.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\guest.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\guest.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\guest.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-192.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-192.png.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-192.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-32.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-32.png.RYK, type = size, size_out = 690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-32.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-40.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-40.png.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-40.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4bfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-48.png.RYK, type = size, size_out = 786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user-48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4434
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user.bmp.RYK, type = size, size_out = 803154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x40e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user.png.RYK, type = size, size_out = 5682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\User Account Pictures\user.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x42dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x41cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x409c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, type = size, size_out = 35090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4c28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4c9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ca0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ca4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\195.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ca8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\323.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cc4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.RYK, type = size, size_out = 24 |
|
2 |
Thread 0x4cc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ccc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, type = size, size_out = 514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, type = size, size_out = 642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\2\94\A75BFDE52F3DD8E6.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ce0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MetaStore\4\0000000000000000.idx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ce4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, type = size, size_out = 187773223 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.67.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ce8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, type = size, size_out = 3354914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.7E.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, type = size, size_out = 12480806 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.80.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, type = size, size_out = 2519330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.87.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, type = size, size_out = 4600098 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.A0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, type = size, size_out = 295202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CB.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4cfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, type = size, size_out = 553250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.CC.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, type = size, size_out = 10707341 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, type = size, size_out = 59793703 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, type = size, size_out = 5488934 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VE1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, type = size, size_out = 1933346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\mpcache-A14CDE2848BB5D8B88DFAFE00552ABFC83C353CE.bin.VF.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows Live\WLive48x48.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft\Windows Live\WLive48x48.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft\Windows Live\WLive48x48.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4d1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4d20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4d24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4d28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4d2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSScan\WelcomeScan.jpg, destination_filename = C:\Documents and Settings\All Users\Microsoft\Windows NT\MSScan\WelcomeScan.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4d30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Microsoft OneDrive\setup\refcount.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Microsoft OneDrive\setup\refcount.ini.RYK, type = size, size_out = 306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Microsoft OneDrive\setup\refcount.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Oracle\Java\.oracle_jre_usage\17dfc292991c7c24.timestamp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Oracle\Java\installcache_x64\baseimagefam8.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Oracle\Java\installcache_x64\baseimagefam8.RYK, type = size, size_out = 82552220 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Oracle\Java\installcache_x64\baseimagefam8.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 997330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5800522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1463154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5588550 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 1266802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 147746 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}v14.0.23026\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 1034786 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 5154110 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, type = size, size_out = 821970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4989074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}v14.0.23026\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, type = size, size_out = 810050 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, type = size, size_out = 151842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4d9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, type = size, size_out = 5881611 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4da0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4da4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4da8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, type = size, size_out = 930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\state.rsm.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, type = size, size_out = 4933186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4db0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, type = size, size_out = 143650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4db4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4db8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dc0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag, destination_filename = C:\Documents and Settings\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4dc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Access 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Access 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Access 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Access.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Access.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Access.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessibility\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessibility\Desktop.ini.RYK, type = size, size_out = 658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessibility\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, type = size, size_out = 1522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessibility\Speech Recognition.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\desktop.ini.RYK, type = size, size_out = 1762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ddc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4de0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Paint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Paint.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Paint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4de4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, type = size, size_out = 1490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4de8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4df0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, type = size, size_out = 1474 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4df4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Character Map.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4df8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4dfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, type = size, size_out = 1378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, type = size, size_out = 1634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Windows Media Player.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Wordpad.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Reader DC.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Component Services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Computer Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, type = size, size_out = 1458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Event Viewer.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, type = size, size_out = 1426 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Print Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\services.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\services.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\services.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\System Configuration.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, type = size, size_out = 1394 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\System Information.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini.RYK, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Desktop.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Desktop.lnk.RYK, type = size, size_out = 1138 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Desktop.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Devices Flow.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Devices Flow.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Devices Flow.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Excel 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Excel 2016.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Excel 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Excel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Excel.lnk.RYK, type = size, size_out = 2706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Excel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Immersive Control Panel.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Immersive Control Panel.lnk.RYK, type = size, size_out = 2626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Immersive Control Panel.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\About Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\About Java.lnk.RYK, type = size, size_out = 2386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\About Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Check For Updates.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Check For Updates.lnk.RYK, type = size, size_out = 2402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Check For Updates.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Configure Java.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Configure Java.lnk.RYK, type = size, size_out = 2354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Configure Java.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Get Help.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Get Help.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Get Help.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Visit Java.com.url.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Visit Java.com.url.RYK, type = size, size_out = 466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Java\Visit Java.com.url.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Maintenance\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Maintenance\Desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Maintenance\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, type = size, size_out = 2722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4e9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ea0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Project Server 2016 Accounts.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ea4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ea8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, type = size, size_out = 2850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4eac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, type = size, size_out = 2802 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4eb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, type = size, size_out = 2866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4eb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\MiracastView.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\MiracastView.lnk.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\MiracastView.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4eb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\OneDrive for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\OneDrive for Business.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\OneDrive for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ebc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\OneNote 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\OneNote 2016.lnk.RYK, type = size, size_out = 2674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\OneNote 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ec0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Outlook 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Outlook 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Outlook 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ec4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Outlook.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Outlook.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Outlook.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ec8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PowerPoint 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PowerPoint 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PowerPoint 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ecc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PowerPoint.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PowerPoint.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PowerPoint.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ed0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PrintDialog.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PrintDialog.lnk.RYK, type = size, size_out = 2482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\PrintDialog.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ed4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Project 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Project 2016.lnk.RYK, type = size, size_out = 2754 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Project 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ed8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Project.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Project.lnk.RYK, type = size, size_out = 2450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Project.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4edc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Publisher 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Publisher 2016.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Publisher 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ee0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Publisher.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Publisher.lnk.RYK, type = size, size_out = 2690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Publisher.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ee4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Search.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Search.lnk.RYK, type = size, size_out = 1874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Search.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ee8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Skype for Business 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Skype for Business 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Skype for Business 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4eec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Skype for Business.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Skype for Business.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Skype for Business.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ef0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\desktop.ini.RYK, type = size, size_out = 450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ef4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, type = size, size_out = 1538 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Default Programs.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ef8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Desktop.ini.RYK, type = size, size_out = 738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4efc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\System Tools\Task Manager.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Visio 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Visio 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Visio 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Visio.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Visio.lnk.RYK, type = size, size_out = 2434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Visio.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Word 2016.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Word 2016.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Word 2016.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Word.lnk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Word.lnk.RYK, type = size, size_out = 2738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\Start Menu\Programs\Word.lnk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, type = size, size_out = 1122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, type = size, size_out = 16674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateUx.001.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateUx.001.etl.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\All Users\USOShared\Logs\UpdateUx.001.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4f6c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst, type = size, size_out = 1035 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst, size = 1035, size_out = 1035 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst, size = 1040 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f70
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst, type = size, size_out = 536 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst, size = 536, size_out = 536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst, size = 544 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f74
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst, type = size, size_out = 90431 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst, size = 90431, size_out = 90431 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst, size = 90432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f78
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst, type = size, size_out = 150357 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst, size = 150357, size_out = 150357 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst, size = 150368 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f7c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt15.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt15.lst, type = size, size_out = 9566 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt15.lst, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\RyukReadMe.txt, size = 9566, size_out = 9566 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\RyukReadMe.txt, size = 9568 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt15.lst, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f80
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst, type = size, size_out = 9566 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst, size = 9566, size_out = 9566 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst, size = 9568 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f84
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat, type = size, size_out = 53574 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat, size = 53574, size_out = 53574 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat, size = 53584 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f88
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat, type = size, size_out = 186947 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat, size = 186947, size_out = 186947 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat, size = 186960 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f8c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents, type = size, size_out = 6144 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents, size = 6144, size_out = 6144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents, size = 6160 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f90
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin, type = size, size_out = 63413 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin, size = 63413, size_out = 63413 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin, size = 63424 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f94
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f98
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, type = size, size_out = 270336 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, size = 270336, size_out = 270336 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, size = 270352 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4f9c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4fa0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4fa4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, type = size, size_out = 524656 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, size = 524656, size_out = 524656 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, size = 524672 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4fa8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, type = size, size_out = 131072 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, size = 131072, size_out = 131072 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, size = 131088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4fac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies, type = size, size_out = 7168 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies, size = 7168, size_out = 7168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies, size = 7184 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4fb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4fb4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst, type = size, size_out = 1164 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst, size = 1164, size_out = 1164 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst, size = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\ACECache11.lst.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4fb8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, type = size, size_out = 66208 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, size = 66208, size_out = 66208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, size = 66224 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4fbc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, type = size, size_out = 2676 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, size = 2676, size_out = 2676 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, size = 2688 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4fc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, type = size, size_out = 53858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, type = size, size_out = 187234 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fe0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fe4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fe8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4fec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4ff0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ff4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ff8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x4ffc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5004
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5008
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5010
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\ACECache11.lst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\ACECache11.lst, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\ACECache11.lst.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5014
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\Profiles\wscRGB.icc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\Profiles\wscRGB.icc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5018
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\Profiles\wsRGB.icc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\Profiles\wsRGB.icc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x501c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5020
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5024
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5028
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x502c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5030
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5034
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, type = size, size_out = 53858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5038
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, type = size, size_out = 187234 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x503c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5040
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5044
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5048
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x504c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5050
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5054
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5058
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x505c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5060
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5064
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5068
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x506c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5070
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5074
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5078
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x507c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5080
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5084
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5088
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, type = size, size_out = 53858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x508c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, type = size, size_out = 187234 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5090
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5094
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5098
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x509c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50b0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x50b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, type = size, size_out = 53858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, type = size, size_out = 187234 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x50f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5100
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5104
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5108
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x510c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5110
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5114
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5118
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x511c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5120
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5124
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x512c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5130
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5134
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5138
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x513c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5140
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5144
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, type = size, size_out = 53858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5148
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, type = size, size_out = 187234 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x514c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5150
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5154
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5158
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x515c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5160
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5164
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x516c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5170
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5174
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5178
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x517c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5180
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5184
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5188
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x518c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5190
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5194
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5198
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x519c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, type = size, size_out = 53858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, type = size, size_out = 187234 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51c4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x51c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, type = size, size_out = 53858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, type = size, size_out = 187234 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x51fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5200
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5208
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x520c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5210
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5214
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5218
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x521c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5220
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5224
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5228
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x522c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5230
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5234
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5238
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x523c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5240
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5244
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5248
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x524c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, type = size, size_out = 53858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5250
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, type = size, size_out = 187234 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5254
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5258
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5264
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5268
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x526c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5270
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5280
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5284
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5288
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x528c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5290
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5294
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5298
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, type = size, size_out = 818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, type = size, size_out = 90706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, type = size, size_out = 150642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, type = size, size_out = 9842 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, type = size, size_out = 53858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, type = size, size_out = 187234 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, type = size, size_out = 6434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, type = size, size_out = 270626 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, type = size, size_out = 524946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52e4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x52e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, type = size, size_out = 7458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x52f8
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x52fc
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeCMapFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5300
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5304
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\AdobeSysFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5308
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt15.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x530c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\Cache\AcroFnt17.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5310
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5314
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5318
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\SharedDataEvents.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5324
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, type = size, size_out = 63698 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\DC\UserCache.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5328
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x532c
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5330
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5334
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5338
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, type = size, size_out = 66498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x533c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, type = size, size_out = 2962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5340
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 |
Thread 0x5348
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x534c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, type = size, size_out = 130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, size = 130, size_out = 130 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5350
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, type = size, size_out = 6291456 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x535c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5360
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5364
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5368
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg, type = size, size_out = 72757 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg, size = 72757, size_out = 72757 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg, size = 72768 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x536c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv, type = size, size_out = 18019 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv, size = 18019, size_out = 18019 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv, size = 18032 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5370
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1h4xX.ots, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CEF\RyukReadMe.txt, type = size, size_out = 41176 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CEF\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CEF\RyukReadMe.txt, size = 41176, size_out = 41176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CEF\RyukReadMe.txt, size = 41184 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CEF\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CEF\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1h4xX.ots, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1h4xX.ots.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5374
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a, type = size, size_out = 40158 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a, size = 40158, size_out = 40158 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a, size = 40160 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5378
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x537c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5380
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5384
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5388
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x538c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5390
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5394
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg, type = size, size_out = 78893 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg, size = 78893, size_out = 78893 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg, size = 78896 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5398
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x539c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp, type = size, size_out = 42738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp, size = 42738, size_out = 42738 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp, size = 42752 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53a8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3, type = size, size_out = 13836 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3, size = 13836, size_out = 13836 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3, size = 13840 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx, type = size, size_out = 48065 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx, size = 48065, size_out = 48065 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx, size = 48080 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53c4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4, type = size, size_out = 3323 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4, size = 3323, size_out = 3323 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4, size = 3328 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat, type = size, size_out = 20 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53dc
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, type = size, size_out = 6291456 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53e0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53e4
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, type = size, size_out = 3145728 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 145728, size_out = 145728 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 145744 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53e8
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, type = size, size_out = 3145728 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, size = 145728, size_out = 145728 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, size = 145744 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53ec
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, type = size, size_out = 3145728 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 145728, size_out = 145728 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 145744 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53f0
24
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log, type = size, size_out = 3145728 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log, size = 145728, size_out = 145728 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log, size = 145744 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53f4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x500c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x50fc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log, type = size, size_out = 756 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log, size = 756, size_out = 756 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log, size = 768 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x51d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log, type = size, size_out = 751 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log, size = 751, size_out = 751 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log, size = 752 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5278
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5320
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5358
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x531c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1], desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1], destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1].RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x50bc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, type = size, size_out = 254900 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, size = 254900, size_out = 254900 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\RyukReadMe.txt, size = 254912 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5168
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x527c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x50b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5204
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5128
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53d0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, type = size, size_out = 3524 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, size = 3524, size_out = 3524 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, size = 3536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI, type = size, size_out = 3514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI, size = 3514, size_out = 3514 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI, size = 3520 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x53cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5260
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x52c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5354
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x525c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5344
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x529c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x402c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4058
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x50f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5274
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5404
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5408
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x540c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5410
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5414
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5418
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x541c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5420
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5424
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5428
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x542c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5430
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5434
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5438
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x543c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5440
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5444
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5448
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x544c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5450
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5454
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5458
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x545c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5460
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5464
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5468
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x546c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5470
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5474
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5478
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x547c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5480
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5484
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5488
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x548c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5490
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5494
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5498
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x549c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x54fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5500
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5504
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5508
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x550c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5510
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5514
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, type = size, size_out = 72 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, size = 72, size_out = 72 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, size = 80 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5518
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x551c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, type = size, size_out = 275840 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, size = 275840, size_out = 275840 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, size = 275856 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5524
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5528
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg, type = size, size_out = 73042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x552c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv, type = size, size_out = 18306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5530
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1h4xX.ots.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1h4xX.ots.RYK, type = size, size_out = 41458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1h4xX.ots.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5534
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a, type = size, size_out = 40434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5538
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a, type = size, size_out = 10901 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a, size = 10901, size_out = 10901 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a, size = 10912 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x553c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls, type = size, size_out = 56211 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls, size = 56211, size_out = 56211 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls, size = 56224 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5540
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv, type = size, size_out = 82799 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv, size = 82799, size_out = 82799 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv, size = 82800 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5544
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4, type = size, size_out = 59368 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4, size = 59368, size_out = 59368 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4, size = 59376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5548
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp, type = size, size_out = 74575 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp, size = 74575, size_out = 74575 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp, size = 74576 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x554c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav, type = size, size_out = 52160 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav, size = 52160, size_out = 52160 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav, size = 52176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5550
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg, type = size, size_out = 14682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg, size = 14682, size_out = 14682 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg, size = 14688 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5554
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg, type = size, size_out = 79170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5558
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3, type = size, size_out = 64928 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3, size = 64928, size_out = 64928 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3, size = 64944 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x555c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp.RYK, type = size, size_out = 43026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5560
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf, type = size, size_out = 55748 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf, size = 55748, size_out = 55748 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf, size = 55760 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5564
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls, type = size, size_out = 9082 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls, size = 9082, size_out = 9082 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls, size = 9088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5568
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3, type = size, size_out = 14114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x556c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3, type = size, size_out = 57685 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3, size = 57685, size_out = 57685 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3, size = 57696 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5570
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png, type = size, size_out = 5878 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png, size = 5878, size_out = 5878 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png, size = 5888 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5574
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a, type = size, size_out = 93405 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a, size = 93405, size_out = 93405 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a, size = 93408 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5578
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx, type = size, size_out = 48354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x557c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg, type = size, size_out = 21907 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg, size = 21907, size_out = 21907 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg, size = 21920 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5580
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc, type = size, size_out = 9086 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc, size = 9086, size_out = 9086 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc, size = 9088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5584
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4.RYK, type = size, size_out = 3602 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5588
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3, type = size, size_out = 39485 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3, size = 39485, size_out = 39485 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3, size = 39488 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x558c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5590
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5594
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5598
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x559c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55a4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55ac
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, type = size, size_out = 2097152 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, size = 97152, size_out = 97152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, size = 97168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55c0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, type = size, size_out = 20 |
|
2 |
Thread 0x55c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, type = size, size_out = 6291750 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x55c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x55cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x55d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x55d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x55d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x55dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x55e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019022720190228\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019022720190228\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019022720190228\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x55f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, type = size, size_out = 1026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x55f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x55fc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, type = size, size_out = 5120 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\FZW2QEOY\RyukReadMe.txt, size = 5120, size_out = 5120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\FZW2QEOY\RyukReadMe.txt, size = 5136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\FZW2QEOY\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\FZW2QEOY\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5600
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5604
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1], desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1], destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1].RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5608
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, type = size, size_out = 255186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x560c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5610
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, type = size, size_out = 6583 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, size = 6583, size_out = 6583 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, size = 6592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5614
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, type = size, size_out = 18176 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, size = 18176, size_out = 18176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, size = 18192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5618
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x561c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5620
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5624
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5628
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x562c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5630
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5634
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, type = size, size_out = 1300 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.txt, size = 1300, size_out = 1300 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.txt, size = 1312 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5638
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x563c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5640
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5644
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, type = size, size_out = 49120 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, size = 49120, size_out = 49120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, size = 49136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5648
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x564c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5650
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5654
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5658
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, type = size, size_out = 3810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x565c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, type = size, size_out = 3794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5660
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, type = size, size_out = 4668 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, size = 4668, size_out = 4668 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, size = 4672 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5664
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, type = size, size_out = 383222 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, size = 383222, size_out = 383222 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, size = 383232 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5668
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, type = size, size_out = 10226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, size = 10226, size_out = 10226 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, size = 10240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x566c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5670
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, type = size, size_out = 20063 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, size = 20063, size_out = 20063 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, size = 20064 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5674
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, type = size, size_out = 4668 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, size = 4668, size_out = 4668 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, size = 4672 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5678
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, type = size, size_out = 383222 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, size = 383222, size_out = 383222 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\RyukReadMe.txt, size = 383232 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x567c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, type = size, size_out = 10226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, size = 10226, size_out = 10226 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, size = 10240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5680
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5684
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, type = size, size_out = 20063 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, size = 20063, size_out = 20063 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, size = 20064 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5688
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, type = size, size_out = 19614 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, size = 19614, size_out = 19614 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\af\RyukReadMe.txt, size = 19616 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\af\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\af\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x568c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, type = size, size_out = 9836 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, size = 9836, size_out = 9836 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, size = 9840 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5690
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png, type = size, size_out = 718 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png, size = 718, size_out = 718 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png, size = 720 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5694
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png, type = size, size_out = 5499 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png, size = 5499, size_out = 5499 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png, size = 5504 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5698
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, type = size, size_out = 7574 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, size = 7574, size_out = 7574 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, size = 7584 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x569c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, type = size, size_out = 8290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, size = 8290, size_out = 8290 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, size = 8304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56a0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png, type = size, size_out = 3051 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png, size = 3051, size_out = 3051 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png, size = 3056 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56a4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, type = size, size_out = 383222 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, size = 383222, size_out = 383222 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, size = 383232 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56a8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, type = size, size_out = 10226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, size = 10226, size_out = 10226 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, size = 10240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56ac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, type = size, size_out = 6420 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, size = 6420, size_out = 6420 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, size = 6432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56b0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, type = size, size_out = 7383 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, size = 7383, size_out = 7383 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, size = 7392 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png, type = size, size_out = 7780 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png, size = 7780, size_out = 7780 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png, size = 7792 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56bc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html, type = size, size_out = 5060 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html, size = 5060, size_out = 5060 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html, size = 5072 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56c4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, type = size, size_out = 801 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, size = 801, size_out = 801 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, size = 816 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, type = size, size_out = 295 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, size = 295, size_out = 295 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, size = 304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56e0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, type = size, size_out = 1735 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ka\RyukReadMe.txt, size = 1735, size_out = 1735 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ka\RyukReadMe.txt, size = 1744 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ka\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ka\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56ec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, type = size, size_out = 291 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, size = 291, size_out = 291 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, size = 304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x56fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5700
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, type = size, size_out = 718 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, size = 718, size_out = 718 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, size = 720 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5704
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5708
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x570c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5710
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5714
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5718
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x571c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5720
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, type = size, size_out = 1389 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, size = 1389, size_out = 1389 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, size = 1392 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5724
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5728
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, type = size, size_out = 10932 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, size = 10932, size_out = 10932 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, size = 10944 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x572c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5730
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5734
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, type = size, size_out = 6400 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, size = 6400, size_out = 6400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, size = 6416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5738
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, type = size, size_out = 4668 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, size = 4668, size_out = 4668 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, size = 4672 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x573c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, type = size, size_out = 106588 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, size = 106588, size_out = 106588 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, size = 106592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5740
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5744
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5748
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, type = size, size_out = 8806 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, size = 8806, size_out = 8806 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, size = 8816 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x574c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png, type = size, size_out = 9290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png, size = 9290, size_out = 9290 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png, size = 9296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5750
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, type = size, size_out = 7513 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, size = 7513, size_out = 7513 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 7520 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5754
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5758
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, type = size, size_out = 243489 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, size = 243489, size_out = 243489 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, size = 243504 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x575c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, type = size, size_out = 1156 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 1156, size_out = 1156 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 1168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5760
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5764
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png, type = size, size_out = 2593 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png, size = 2593, size_out = 2593 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png, size = 2608 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5774
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5778
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x577c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5780
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5784
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5788
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x578c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5790
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5794
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5798
22
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, type = size, size_out = 10516920 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x579c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57b8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, type = size, size_out = 77 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, size = 77, size_out = 77 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, size = 80 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5768
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5804
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5808
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x580c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5810
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\RyukReadMe.txt, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5814
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x581c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml, type = size, size_out = 387 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml, size = 387, size_out = 387 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml, size = 400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5820
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, type = size, size_out = 12288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, size = 12288, size_out = 12288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, size = 12304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5824
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5828
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, type = size, size_out = 14458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, size = 14458, size_out = 14458 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, size = 14464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x582c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, type = size, size_out = 19235 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, size = 19235, size_out = 19235 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, size = 19248 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5830
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, type = size, size_out = 1604 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, size = 1604, size_out = 1604 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, size = 1616 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5834
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, type = size, size_out = 2232 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, size = 2232, size_out = 2232 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, size = 2240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5838
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, type = size, size_out = 3679 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, size = 3679, size_out = 3679 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, size = 3680 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x583c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin, type = size, size_out = 13030 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin, size = 13030, size_out = 13030 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin, size = 13040 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5840
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin, type = size, size_out = 5386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin, size = 5386, size_out = 5386 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin, size = 5392 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5844
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, type = size, size_out = 7374 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, size = 7374, size_out = 7374 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, size = 7376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5848
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin, type = size, size_out = 4847 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin, size = 4847, size_out = 4847 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin, size = 4848 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x584c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, type = size, size_out = 2210 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, size = 2210, size_out = 2210 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, size = 2224 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5850
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, type = size, size_out = 1657 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, size = 1657, size_out = 1657 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, size = 1664 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5854
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, type = size, size_out = 3879 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, size = 3879, size_out = 3879 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, size = 3888 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5858
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, type = size, size_out = 13084 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, size = 13084, size_out = 13084 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, size = 13088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x585c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin, type = size, size_out = 2332 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin, size = 2332, size_out = 2332 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin, size = 2336 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5860
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, type = size, size_out = 4181 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, size = 4181, size_out = 4181 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, size = 4192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5864
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin, type = size, size_out = 22634 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\tmp\RyukReadMe.txt, size = 22634, size_out = 22634 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\tmp\RyukReadMe.txt, size = 22640 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\tmp\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\tmp\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5868
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, type = size, size_out = 16003 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, size = 16003, size_out = 16003 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, size = 16016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x586c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, type = size, size_out = 17289 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, size = 17289, size_out = 17289 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, size = 17296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5870
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, type = size, size_out = 4490 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, size = 4490, size_out = 4490 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, size = 4496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5874
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, type = size, size_out = 8184 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, size = 8184, size_out = 8184 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, size = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5878
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, type = size, size_out = 4181 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, size = 4181, size_out = 4181 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, size = 4192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x587c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, type = size, size_out = 4190 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, size = 4190, size_out = 4190 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, size = 4192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5880
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, type = size, size_out = 13737 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, size = 13737, size_out = 13737 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, size = 13744 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5884
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, type = size, size_out = 4081 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, size = 4081, size_out = 4081 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, size = 4096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5888
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, type = size, size_out = 1924 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, size = 1924, size_out = 1924 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, size = 1936 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x588c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, type = size, size_out = 2599 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, size = 2599, size_out = 2599 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, size = 2608 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5890
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, type = size, size_out = 11449 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, size = 11449, size_out = 11449 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, size = 11456 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5894
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, type = size, size_out = 14553 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, size = 14553, size_out = 14553 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, size = 14560 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5898
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, type = size, size_out = 11332 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, size = 11332, size_out = 11332 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, size = 11344 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x589c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, type = size, size_out = 13241 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, size = 13241, size_out = 13241 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, size = 13248 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58a0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, type = size, size_out = 1570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, size = 1570, size_out = 1570 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, size = 1584 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58a4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, type = size, size_out = 11886 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, size = 11886, size_out = 11886 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, size = 11888 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58a8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, type = size, size_out = 2270 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, size = 2270, size_out = 2270 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, size = 2272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58ac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin, type = size, size_out = 12288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, size = 12288, size_out = 12288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, size = 12304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58b0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, type = size, size_out = 4096 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, size = 4096, size_out = 4096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, size = 4112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, type = size, size_out = 32768 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, size = 32768, size_out = 32768 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, size = 32784 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58bc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, type = size, size_out = 49152 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, size = 49152, size_out = 49152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, size = 49168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58c0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, type = size, size_out = 4096 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, size = 4096, size_out = 4096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, size = 4112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58c4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, type = size, size_out = 354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat, type = size, size_out = 1 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, type = size, size_out = 276130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x591c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, type = size, size_out = 80 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, size = 80, size_out = 80 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, size = 96 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5920
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5924
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5928
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x592c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5930
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5934
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5938
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x593c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5940
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg.RYK, type = size, size_out = 73042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5944
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv.RYK, type = size, size_out = 18306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5948
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1h4xX.ots.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1h4xX.ots.RYK, type = size, size_out = 41458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1h4xX.ots.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x594c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a.RYK, type = size, size_out = 40434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5950
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a.RYK, type = size, size_out = 11186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5954
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls.RYK, type = size, size_out = 56498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5958
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv.RYK, type = size, size_out = 83074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x595c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4.RYK, type = size, size_out = 59650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5960
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp.RYK, type = size, size_out = 74850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5964
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav.RYK, type = size, size_out = 52450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5968
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg.RYK, type = size, size_out = 14962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x596c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg.RYK, type = size, size_out = 79170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5970
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3.RYK, type = size, size_out = 65218 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5974
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp.RYK, type = size, size_out = 43026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5978
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf.RYK, type = size, size_out = 56034 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x597c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls.RYK, type = size, size_out = 9362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5980
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3.RYK, type = size, size_out = 14114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5984
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3.RYK, type = size, size_out = 57970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5988
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png.RYK, type = size, size_out = 6162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x598c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a.RYK, type = size, size_out = 93682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5990
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx.RYK, type = size, size_out = 48354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5994
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg.RYK, type = size, size_out = 22194 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5998
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc.RYK, type = size, size_out = 9362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x599c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4.RYK, type = size, size_out = 3602 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x59a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3.RYK, type = size, size_out = 39762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x59a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, type = size, size_out = 49120 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, size = 49120, size_out = 49120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, size = 49136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, type = size, size_out = 123016 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, size = 123016, size_out = 123016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, size = 123024 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59bc
18
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, type = size, size_out = 5243012 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, size = 16, size_out = 16 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, size = 0, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, size = 16 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, size = 10 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, size = 268 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, size = 16 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x59c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59c8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, type = size, size_out = 2097442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59cc
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, type = size, size_out = 2097152 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 97152, size_out = 97152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 97168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59d0
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, type = size, size_out = 2097152 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 1000000, size_out = 1000000 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 1000000 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 97152, size_out = 97152 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 97168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x59dc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, type = size, size_out = 20 |
|
2 |
Thread 0x59e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, type = size, size_out = 6291750 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x59e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x59e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x59ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x59f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x59f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x59f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x59fc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5a00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019022720190228\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019022720190228\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019022720190228\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019022720190228\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a04
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5a08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5a10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, type = size, size_out = 1026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5a14
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, type = size, size_out = 11264 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, size = 11264, size_out = 11264 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, size = 11280 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, type = size, size_out = 5410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5a1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a20
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5a24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1], desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1], type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1], destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1].RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, type = size, size_out = 255186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5a2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, type = size, size_out = 6866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5a34
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, type = size, size_out = 18466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml, type = size, size_out = 13 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml, type = size, size_out = 13 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a50
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, type = size, size_out = 938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, size = 938, size_out = 938 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, size = 944 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a54
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a58
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, type = size, size_out = 3088 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, size = 3088, size_out = 3088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, size = 3104 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a60
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, type = size, size_out = 5652 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, size = 5652, size_out = 5652 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Transcoded Files Cache\RyukReadMe.txt, size = 5664 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Transcoded Files Cache\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Transcoded Files Cache\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, type = size, size_out = 49410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5a68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a70
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, type = size, size_out = 417 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, size = 417, size_out = 417 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, size = 432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a74
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, type = size, size_out = 14438 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, size = 14438, size_out = 14438 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, size = 14448 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5a9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5aa0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5aa4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, type = size, size_out = 1063 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\RyukReadMe.txt, size = 1063, size_out = 1063 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\RyukReadMe.txt, size = 1072 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5aa8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5aac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, type = size, size_out = 1079 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\RyukReadMe.txt, size = 1079, size_out = 1079 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\RyukReadMe.txt, size = 1088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ab0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, type = size, size_out = 3810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ab4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, type = size, size_out = 3794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ab8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5abc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ac0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ac4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, type = size, size_out = 5850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, size = 5850, size_out = 5850 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, size = 5856 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ac8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, type = size, size_out = 20338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5acc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ad0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ad4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ad8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, type = size, size_out = 5850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, size = 5850, size_out = 5850 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, size = 5856 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5adc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, type = size, size_out = 20338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ae0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, type = size, size_out = 19890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ae4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, type = size, size_out = 10114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ae8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, type = size, size_out = 994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5aec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, type = size, size_out = 5778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5af0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, type = size, size_out = 7858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5af4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, type = size, size_out = 8578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5af8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, type = size, size_out = 3330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5afc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b00
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\el\RyukReadMe.txt, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\el\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b04
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, type = size, size_out = 6706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b0c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, type = size, size_out = 7666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b10
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png, type = size, size_out = 5068 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\eu\RyukReadMe.txt, size = 5068, size_out = 5068 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\eu\RyukReadMe.txt, size = 5072 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\eu\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\eu\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, type = size, size_out = 8066 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, type = size, size_out = 5346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b34
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, type = size, size_out = 2289 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, size = 2289, size_out = 2289 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, size = 2304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b38
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, type = size, size_out = 1090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b3c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, type = size, size_out = 211 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, size = 211, size_out = 211 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, size = 224 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b40
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, type = size, size_out = 390 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, size = 390, size_out = 390 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, size = 400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b44
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, type = size, size_out = 391 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, size = 391, size_out = 391 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, size = 400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b48
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, type = size, size_out = 388 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, size = 388, size_out = 388 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, size = 400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b4c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, type = size, size_out = 578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b50
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, type = size, size_out = 264 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, size = 264, size_out = 264 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, size = 272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b54
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, type = size, size_out = 2018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b58
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, type = size, size_out = 32373 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, size = 32373, size_out = 32373 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, size = 32384 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b5c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, type = size, size_out = 797 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, size = 797, size_out = 797 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, size = 800 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b60
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, type = size, size_out = 578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b64
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, type = size, size_out = 1947 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, size = 1947, size_out = 1947 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, size = 1952 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b68
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, type = size, size_out = 20529 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, size = 20529, size_out = 20529 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, size = 20544 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b6c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, type = size, size_out = 12544 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, size = 12544, size_out = 12544 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, size = 12560 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b70
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, type = size, size_out = 5934 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, size = 5934, size_out = 5934 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, size = 5936 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b74
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, type = size, size_out = 994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b78
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, type = size, size_out = 432 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, size = 432, size_out = 432 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, size = 448 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b7c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, type = size, size_out = 7504 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, size = 7504, size_out = 7504 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, size = 7520 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b80
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, type = size, size_out = 2644 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, size = 2644, size_out = 2644 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, size = 2656 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b84
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, type = size, size_out = 1132 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, size = 1132, size_out = 1132 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, size = 1136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b88
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, type = size, size_out = 987 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, size = 987, size_out = 987 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, size = 992 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b8c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, type = size, size_out = 912 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, size = 912, size_out = 912 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, size = 928 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b90
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, type = size, size_out = 4407 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, size = 4407, size_out = 4407 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, size = 4416 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b94
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b98
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, type = size, size_out = 1391 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, size = 1391, size_out = 1391 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, size = 1392 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b9c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, type = size, size_out = 11218 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ba0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, type = size, size_out = 4807 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, size = 4807, size_out = 4807 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, size = 4816 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ba4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, type = size, size_out = 1837 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, size = 1837, size_out = 1837 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, size = 1840 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bac
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, type = size, size_out = 6690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bb0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bb8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, type = size, size_out = 106866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bbc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bc0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, type = size, size_out = 1575 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, size = 1575, size_out = 1575 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, size = 1584 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bcc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, type = size, size_out = 3584 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, size = 3584, size_out = 3584 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, size = 3600 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bd0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml, type = size, size_out = 2865 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml, size = 2865, size_out = 2865 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml, size = 2880 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bd4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, type = size, size_out = 3646 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, size = 3646, size_out = 3646 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, size = 3648 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bd8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bdc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5be0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, type = size, size_out = 140 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, size = 140, size_out = 140 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5be4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, type = size, size_out = 3130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, size = 3130, size_out = 3130 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, size = 3136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5be8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bf0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, type = size, size_out = 29879 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, size = 29879, size_out = 29879 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, size = 29888 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bf4
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir, type = size, size_out = 144 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir, size = 144, size_out = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir, size = 160 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bf8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, type = size, size_out = 3790 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, size = 3790, size_out = 3790 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, size = 3792 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bfc
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir, type = size, size_out = 130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir, size = 130, size_out = 130 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir, size = 144 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xe58
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir, type = size, size_out = 121 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir, size = 121, size_out = 121 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir, size = 128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58f8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir, type = size, size_out = 122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir, size = 122, size_out = 122 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir, size = 128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5770
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, type = size, size_out = 185682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, size = 185682, size_out = 185682 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, size = 185696 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5818
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, type = size, size_out = 111 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, size = 111, size_out = 111 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57b4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, type = size, size_out = 9090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5910
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, type = size, size_out = 9570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x57ac
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, type = size, size_out = 7794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5914
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, type = size, size_out = 1493 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, size = 1493, size_out = 1493 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, size = 1504 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58e0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, type = size, size_out = 243778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x590c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5908
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, type = size, size_out = 49129 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, size = 49129, size_out = 49129 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, size = 49136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5900
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x58e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5918
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x244c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5b28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x2470
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x57b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x58c8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, type = size, size_out = 10517214 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5c0c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, type = size, size_out = 66168 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, size = 66168, size_out = 66168 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\RyukReadMe.txt, size = 66176 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c10
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c14
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c18
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, type = size, size_out = 354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5c20
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, type = size, size_out = 9360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, size = 9360, size_out = 9360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, size = 9376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c24
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, type = size, size_out = 8714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, size = 8714, size_out = 8714 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, size = 8720 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c28
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, type = size, size_out = 9360 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, size = 9360, size_out = 9360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, size = 9376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c2c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, type = size, size_out = 8714 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, size = 8714, size_out = 8714 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, size = 8720 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c30
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, type = size, size_out = 9374 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, size = 9374, size_out = 9374 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, size = 9376 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c34
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, type = size, size_out = 8696 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, size = 8696, size_out = 8696 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, size = 8704 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c44
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, type = size, size_out = 93926 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, size = 93926, size_out = 93926 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, size = 93936 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c48
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, type = size, size_out = 112794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, size = 112794, size_out = 112794 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, size = 112800 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c4c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, type = size, size_out = 119520 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, size = 119520, size_out = 119520 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, size = 119536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c50
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c58
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c78
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c7c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5c80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5c94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, type = size, size_out = 12578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5c98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5c9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, type = size, size_out = 14738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ca0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, type = size, size_out = 19522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ca4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, type = size, size_out = 1890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ca8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, type = size, size_out = 3954 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, type = size, size_out = 13314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, type = size, size_out = 5666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, type = size, size_out = 7650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, type = size, size_out = 5122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, type = size, size_out = 4162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ccc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, type = size, size_out = 13362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, type = size, size_out = 2610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, type = size, size_out = 22914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, type = size, size_out = 16290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ce0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, type = size, size_out = 17570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ce4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, type = size, size_out = 4770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ce8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, type = size, size_out = 8466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, type = size, size_out = 14018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5cfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, type = size, size_out = 2210 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, type = size, size_out = 11730 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, type = size, size_out = 14834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, type = size, size_out = 11618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, type = size, size_out = 13522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, type = size, size_out = 1858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, type = size, size_out = 12162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, type = size, size_out = 2546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, type = size, size_out = 12578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, type = size, size_out = 33058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, type = size, size_out = 49442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d40
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol, type = size, size_out = 436 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol, size = 436, size_out = 436 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol, size = 448 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d48
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat.RYK, type = size, size_out = 1 |
|
2 |
Thread 0x5d4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, type = size, size_out = 276130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_bingpagedata\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_bingpagedata\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_bingpagedata\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompatua\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompatua\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompatua\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_ieflipahead\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_ieflipahead\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_ieflipahead\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d70
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d88
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d98
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\AC\RyukReadMe.txt, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\AC\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\AC\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\AC\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5d9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5da0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\LocalState\RyukReadMe.txt, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\LocalState\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\LocalState\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\LocalState\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5da4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5da8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5dac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5db0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5db4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5db8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5dbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5dc0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\RyukReadMe.txt, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5dc4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5dc8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5dcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5dd0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5dd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5dd8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ddc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5de0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5de4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5de8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5dec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5df0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5df4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5df8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5dfc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e20
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e28
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e30
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e40
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e88
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 131072 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, size = 131072, size_out = 131072 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, size = 131088 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5e9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ea0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ea4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ea8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5eb8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ebc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ec0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ec4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ec8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ed0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ed4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ed8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5edc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ee0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ee4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ee8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5eec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ef0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ef4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ef8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5efc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f00
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f10
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\AC\Temp\RyukReadMe.txt, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\AC\Temp\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\AC\Temp\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\AC\Temp\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f18
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f30
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f40
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f84
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f90
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f9c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fa0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fa4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fb8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fbc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fc0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fc4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fc8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fd0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fd4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fe0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fe4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5fe8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ff0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ff4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ff8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5ffc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5bc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg.RYK, type = size, size_out = 73042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5bec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv.RYK, type = size, size_out = 18306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1h4xX.ots.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1h4xX.ots.RYK, type = size, size_out = 41458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1h4xX.ots.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a.RYK, type = size, size_out = 40434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5bb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a.RYK, type = size, size_out = 11186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2454
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls.RYK, type = size, size_out = 56498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ba8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv.RYK, type = size, size_out = 83074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4.RYK, type = size, size_out = 59650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5c88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp.RYK, type = size, size_out = 74850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5d44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav.RYK, type = size, size_out = 52450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x58f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg.RYK, type = size, size_out = 14962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x58fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg.RYK, type = size, size_out = 79170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x58f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3.RYK, type = size, size_out = 65218 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5904
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp.RYK, type = size, size_out = 43026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x58dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf.RYK, type = size, size_out = 56034 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x576c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls.RYK, type = size, size_out = 9362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x58d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3.RYK, type = size, size_out = 14114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5bc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3.RYK, type = size, size_out = 57970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png.RYK, type = size, size_out = 6162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5b24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a.RYK, type = size, size_out = 93682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5c84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx.RYK, type = size, size_out = 48354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg.RYK, type = size, size_out = 22194 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc.RYK, type = size, size_out = 9362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5eb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4.RYK, type = size, size_out = 3602 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5ecc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3.RYK, type = size, size_out = 39762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e54
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5e94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5eb0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5eac
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x5e98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK, type = size, size_out = 49410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat.RYK, type = size, size_out = 123298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat.RYK, type = size, size_out = 5243306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5e6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5f44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, type = size, size_out = 2097442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5fac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs.RYK, type = size, size_out = 2097442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5fb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs.RYK, type = size, size_out = 2097442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5f5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x5f7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6004
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, type = size, size_out = 20 |
|
2 |
Thread 0x6008
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, type = size, size_out = 6291750 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x600c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6010
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6014
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6018
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x601c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6024
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6028
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x602c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019022720190228\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019022720190228\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6030
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x603c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6040
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6044
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, type = size, size_out = 1026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6048
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK, type = size, size_out = 11554 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x604c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, type = size, size_out = 5410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6050
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6054
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6058
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1].RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1].RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6060
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, type = size, size_out = 255186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6064
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6068
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, type = size, size_out = 6866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x606c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.RYK, type = size, size_out = 18466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6070
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml.RYK, type = size, size_out = 13 |
|
2 |
Thread 0x6074
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6078
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml, type = size, size_out = 13 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x607c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6080
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6084
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6088
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, type = size, size_out = 1218 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x608c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6090
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK, type = size, size_out = 3378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6094
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x60a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat.RYK, type = size, size_out = 5938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, type = size, size_out = 49410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.RYK, type = size, size_out = 706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml.RYK, type = size, size_out = 14722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x60b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, type = size, size_out = 1044 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, size = 1044, size_out = 1044 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, size = 1056 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60c0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, type = size, size_out = 1267 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, size = 1267, size_out = 1267 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, size = 1280 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60cc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, type = size, size_out = 785 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, size = 785, size_out = 785 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, size = 800 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, type = size, size_out = 1020 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, size = 1020, size_out = 1020 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, size = 1024 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, type = size, size_out = 1025 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, size = 1025, size_out = 1025 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, size = 1040 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60dc
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, type = size, size_out = 1346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60e0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, type = size, size_out = 585 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, size = 585, size_out = 585 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, size = 592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60e4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\cdn.odc.officeapps.live.com\29598952-6912-4B4E-8754-D3E714F498C3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\cdn.odc.officeapps.live.com\29598952-6912-4B4E-8754-D3E714F498C3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\cdn.odc.officeapps.live.com\29598952-6912-4B4E-8754-D3E714F498C3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\01A0C0A0-84FB-4EB4-A9A1-4BCABE4EFC24, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\01A0C0A0-84FB-4EB4-A9A1-4BCABE4EFC24, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\01A0C0A0-84FB-4EB4-A9A1-4BCABE4EFC24.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\04A54DF6-2C68-43B6-89EB-3B7958597AC7, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\04A54DF6-2C68-43B6-89EB-3B7958597AC7, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\04A54DF6-2C68-43B6-89EB-3B7958597AC7.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\0552393D-14EB-4F89-8C21-8959A49968D2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\0552393D-14EB-4F89-8C21-8959A49968D2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\0552393D-14EB-4F89-8C21-8959A49968D2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\07EC9290-11A1-4B7B-8542-424076F02838, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\07EC9290-11A1-4B7B-8542-424076F02838, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\07EC9290-11A1-4B7B-8542-424076F02838.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x60fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\18E43682-B084-475D-AA0F-B94BD8888B3D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\18E43682-B084-475D-AA0F-B94BD8888B3D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\18E43682-B084-475D-AA0F-B94BD8888B3D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6100
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2378B1B3-B054-41CE-B565-01C50DF64F3A, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2378B1B3-B054-41CE-B565-01C50DF64F3A, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2378B1B3-B054-41CE-B565-01C50DF64F3A.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6104
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\24E98DA1-B779-4FAC-9144-3233D1979336, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\24E98DA1-B779-4FAC-9144-3233D1979336, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\24E98DA1-B779-4FAC-9144-3233D1979336.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6108
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2A9BD5FC-A11E-42DF-A867-B07EE85C6137, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2A9BD5FC-A11E-42DF-A867-B07EE85C6137, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2A9BD5FC-A11E-42DF-A867-B07EE85C6137.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x610c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\3ECE84BD-CF61-4B84-85B4-BB9C029B1D34, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\3ECE84BD-CF61-4B84-85B4-BB9C029B1D34, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\3ECE84BD-CF61-4B84-85B4-BB9C029B1D34.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6110
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\41D65FE9-AE28-4485-82A5-B9D59D0A0019, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\41D65FE9-AE28-4485-82A5-B9D59D0A0019, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\41D65FE9-AE28-4485-82A5-B9D59D0A0019.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6114
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\4558EE3B-BE9E-4DDA-A9E5-D74AA0D2D069, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\4558EE3B-BE9E-4DDA-A9E5-D74AA0D2D069, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\4558EE3B-BE9E-4DDA-A9E5-D74AA0D2D069.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6118
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\46DE614E-0C9B-46EB-84F0-89F985E8C156, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\46DE614E-0C9B-46EB-84F0-89F985E8C156, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\46DE614E-0C9B-46EB-84F0-89F985E8C156.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x611c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\488F2960-8DBA-42A5-A6F9-DF66073E536D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\488F2960-8DBA-42A5-A6F9-DF66073E536D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\488F2960-8DBA-42A5-A6F9-DF66073E536D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6120
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\542AE9EC-2AAB-4A8D-86CE-BF36E018A365, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\542AE9EC-2AAB-4A8D-86CE-BF36E018A365, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\542AE9EC-2AAB-4A8D-86CE-BF36E018A365.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6124
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5B8C44D4-2A63-481E-A1AB-5E6CF4501F02, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5B8C44D4-2A63-481E-A1AB-5E6CF4501F02, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5B8C44D4-2A63-481E-A1AB-5E6CF4501F02.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6128
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5EABD895-1369-4673-B65E-C121C8F05C93, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5EABD895-1369-4673-B65E-C121C8F05C93, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5EABD895-1369-4673-B65E-C121C8F05C93.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x612c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66172C59-AA66-47DE-BD2B-1B908C570062, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66172C59-AA66-47DE-BD2B-1B908C570062, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66172C59-AA66-47DE-BD2B-1B908C570062.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6130
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66408A6E-F696-44FA-B896-9073D83C9463, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66408A6E-F696-44FA-B896-9073D83C9463, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66408A6E-F696-44FA-B896-9073D83C9463.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6134
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\683C6C51-6FBE-4F12-8495-5B218743CC76, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\683C6C51-6FBE-4F12-8495-5B218743CC76, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\683C6C51-6FBE-4F12-8495-5B218743CC76.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6138
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\77FD6918-29A5-4F0B-B1A7-EDEADD0A695F, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\77FD6918-29A5-4F0B-B1A7-EDEADD0A695F, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\77FD6918-29A5-4F0B-B1A7-EDEADD0A695F.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x613c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\797D396D-AC42-4AB5-A395-D4C7890DB4E6, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\797D396D-AC42-4AB5-A395-D4C7890DB4E6, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\797D396D-AC42-4AB5-A395-D4C7890DB4E6.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6140
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7A123EA5-56EE-4596-A54E-8E612EE6B11E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7A123EA5-56EE-4596-A54E-8E612EE6B11E, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7A123EA5-56EE-4596-A54E-8E612EE6B11E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6144
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7CDC9D9C-BADA-4EA1-8A7A-91189CBCBB42, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7CDC9D9C-BADA-4EA1-8A7A-91189CBCBB42, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7CDC9D9C-BADA-4EA1-8A7A-91189CBCBB42.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6148
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E661E9F-0FFD-4BF6-A6A9-A33E185C9131, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E661E9F-0FFD-4BF6-A6A9-A33E185C9131, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E661E9F-0FFD-4BF6-A6A9-A33E185C9131.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x614c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E7F2D4D-7FEC-45D5-9242-391C5BBDCE7E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E7F2D4D-7FEC-45D5-9242-391C5BBDCE7E, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E7F2D4D-7FEC-45D5-9242-391C5BBDCE7E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6150
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\804C4A29-C626-4EB0-9A5A-CEC3A687FD1B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\804C4A29-C626-4EB0-9A5A-CEC3A687FD1B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\804C4A29-C626-4EB0-9A5A-CEC3A687FD1B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6154
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8377A58B-6BB9-496C-A6DF-9A7A076B4B41, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8377A58B-6BB9-496C-A6DF-9A7A076B4B41, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8377A58B-6BB9-496C-A6DF-9A7A076B4B41.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6158
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8BE6D37C-5753-4A96-817E-B3C94B03A82D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8BE6D37C-5753-4A96-817E-B3C94B03A82D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8BE6D37C-5753-4A96-817E-B3C94B03A82D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x615c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C065BBF-7AD9-42C4-9735-9EEE5F756EA9, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C065BBF-7AD9-42C4-9735-9EEE5F756EA9, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C065BBF-7AD9-42C4-9735-9EEE5F756EA9.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6160
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C607B24-1BCC-4C57-8CE9-EC64CDD7114B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C607B24-1BCC-4C57-8CE9-EC64CDD7114B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C607B24-1BCC-4C57-8CE9-EC64CDD7114B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6164
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9403D050-B4D3-428F-920D-D3B5F01FD272, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9403D050-B4D3-428F-920D-D3B5F01FD272, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9403D050-B4D3-428F-920D-D3B5F01FD272.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6168
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\94D14502-E144-414C-89AE-0998D2709D89, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\94D14502-E144-414C-89AE-0998D2709D89, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\94D14502-E144-414C-89AE-0998D2709D89.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x616c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9854EE7B-727A-4189-BCA8-C1A2F7C3ED6D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9854EE7B-727A-4189-BCA8-C1A2F7C3ED6D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9854EE7B-727A-4189-BCA8-C1A2F7C3ED6D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6170
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9B5E72BE-B516-4DBE-8414-EC40CCF98DF5, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9B5E72BE-B516-4DBE-8414-EC40CCF98DF5, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9B5E72BE-B516-4DBE-8414-EC40CCF98DF5.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6174
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9CDDC916-A2AC-41E6-B1B9-CA1B9971F195, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9CDDC916-A2AC-41E6-B1B9-CA1B9971F195, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9CDDC916-A2AC-41E6-B1B9-CA1B9971F195.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6178
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A20B85A3-C624-401C-946D-7F2C8C9E0EB0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A20B85A3-C624-401C-946D-7F2C8C9E0EB0, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A20B85A3-C624-401C-946D-7F2C8C9E0EB0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x617c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A3899EB7-943F-45BF-9B62-7976C872C7D6, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A3899EB7-943F-45BF-9B62-7976C872C7D6, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A3899EB7-943F-45BF-9B62-7976C872C7D6.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6180
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A590259A-C20F-4378-9A6C-F9556FC0CBA6, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A590259A-C20F-4378-9A6C-F9556FC0CBA6, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A590259A-C20F-4378-9A6C-F9556FC0CBA6.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6184
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A6B97942-B79F-460B-AEB5-87B754D40071, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A6B97942-B79F-460B-AEB5-87B754D40071, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A6B97942-B79F-460B-AEB5-87B754D40071.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6188
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\AD0C61F1-C301-4A56-8793-549CFDE8A507, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\AD0C61F1-C301-4A56-8793-549CFDE8A507, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\AD0C61F1-C301-4A56-8793-549CFDE8A507.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x618c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\B8FFF45C-0C8F-4785-B42F-24711207C09E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\B8FFF45C-0C8F-4785-B42F-24711207C09E, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\B8FFF45C-0C8F-4785-B42F-24711207C09E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6190
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BA1A7D9C-8B77-4E7D-97E6-EFCC062E7F93, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BA1A7D9C-8B77-4E7D-97E6-EFCC062E7F93, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BA1A7D9C-8B77-4E7D-97E6-EFCC062E7F93.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6194
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BAB84B72-0292-47C4-A0B3-39B2FB0A440D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BAB84B72-0292-47C4-A0B3-39B2FB0A440D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BAB84B72-0292-47C4-A0B3-39B2FB0A440D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6198
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BCBCE985-2A13-4141-A7A2-2395FC5BAD3E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BCBCE985-2A13-4141-A7A2-2395FC5BAD3E, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BCBCE985-2A13-4141-A7A2-2395FC5BAD3E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x619c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\C8E2BE08-3214-419E-98CF-7DB7BAFDF7AF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\C8E2BE08-3214-419E-98CF-7DB7BAFDF7AF, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\C8E2BE08-3214-419E-98CF-7DB7BAFDF7AF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CA21D7B1-0D7B-41BF-A409-4B77C898A44F, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CA21D7B1-0D7B-41BF-A409-4B77C898A44F, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CA21D7B1-0D7B-41BF-A409-4B77C898A44F.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CF1CC7BF-A425-4541-8A36-51BFF9F38CBF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CF1CC7BF-A425-4541-8A36-51BFF9F38CBF, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CF1CC7BF-A425-4541-8A36-51BFF9F38CBF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61a8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D377C338-B3B0-4E63-9CD5-EE0A4AFF13CD, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D377C338-B3B0-4E63-9CD5-EE0A4AFF13CD, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D377C338-B3B0-4E63-9CD5-EE0A4AFF13CD.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D99D1198-2688-447D-9BF2-F9F9C1375AFD, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D99D1198-2688-447D-9BF2-F9F9C1375AFD, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D99D1198-2688-447D-9BF2-F9F9C1375AFD.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D9C1BAAC-9EDD-4EBD-BD8A-5B53E9904C13, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D9C1BAAC-9EDD-4EBD-BD8A-5B53E9904C13, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D9C1BAAC-9EDD-4EBD-BD8A-5B53E9904C13.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E00BE78D-CFF7-47B9-8E8C-37ADF516B28A, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E00BE78D-CFF7-47B9-8E8C-37ADF516B28A, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E00BE78D-CFF7-47B9-8E8C-37ADF516B28A.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E164F0A7-B014-475B-BC5C-1C1285127D5A, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E164F0A7-B014-475B-BC5C-1C1285127D5A, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E164F0A7-B014-475B-BC5C-1C1285127D5A.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E277E429-138B-4461-B716-C03D493C22D0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E277E429-138B-4461-B716-C03D493C22D0, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E277E429-138B-4461-B716-C03D493C22D0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E4FDC49F-730A-46D4-9B3E-AE4CD4D8873A, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E4FDC49F-730A-46D4-9B3E-AE4CD4D8873A, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E4FDC49F-730A-46D4-9B3E-AE4CD4D8873A.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F1AC218A-8D02-402C-876E-4B0E2A662BFA, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F1AC218A-8D02-402C-876E-4B0E2A662BFA, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F1AC218A-8D02-402C-876E-4B0E2A662BFA.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F442332F-BE2E-45C6-B52A-9FA2F82F4F72, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F442332F-BE2E-45C6-B52A-9FA2F82F4F72, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F442332F-BE2E-45C6-B52A-9FA2F82F4F72.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F85AB5DD-848A-4CA1-A9F0-ECCF7052094F, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F85AB5DD-848A-4CA1-A9F0-ECCF7052094F, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F85AB5DD-848A-4CA1-A9F0-ECCF7052094F.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\FA975BDF-A96C-4D1C-A93C-60FD5D97AC90, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\FA975BDF-A96C-4D1C-A93C-60FD5D97AC90, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\FA975BDF-A96C-4D1C-A93C-60FD5D97AC90.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\03E95D48-EBA7-4D0E-895B-1582FC40EC0D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\03E95D48-EBA7-4D0E-895B-1582FC40EC0D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\03E95D48-EBA7-4D0E-895B-1582FC40EC0D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\82BD62FD-974C-42F4-866A-5C738238984B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\82BD62FD-974C-42F4-866A-5C738238984B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\82BD62FD-974C-42F4-866A-5C738238984B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8BD876A5-9C43-4F45-9565-3FAF3AC71A0B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8BD876A5-9C43-4F45-9565-3FAF3AC71A0B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8BD876A5-9C43-4F45-9565-3FAF3AC71A0B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9097A298-E9C2-4AFF-8C46-428E8A30E31C, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9097A298-E9C2-4AFF-8C46-428E8A30E31C, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9097A298-E9C2-4AFF-8C46-428E8A30E31C.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61e4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C246F9AB-D3D8-41D6-AD9F-FDA8F3368F67, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C246F9AB-D3D8-41D6-AD9F-FDA8F3368F67, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C246F9AB-D3D8-41D6-AD9F-FDA8F3368F67.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x61e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, type = size, size_out = 3810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x61ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, type = size, size_out = 3794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x61f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x61f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x61f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x61fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat.RYK, type = size, size_out = 6130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6200
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, type = size, size_out = 20338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6204
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6208
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x620c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6210
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat.RYK, type = size, size_out = 6130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6214
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, type = size, size_out = 20338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6218
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, type = size, size_out = 19890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x621c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, type = size, size_out = 10114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6220
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, type = size, size_out = 994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6224
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, type = size, size_out = 5778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6228
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, type = size, size_out = 7858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x622c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, type = size, size_out = 8578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6230
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, type = size, size_out = 3330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6234
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6238
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x623c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, type = size, size_out = 6706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6240
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, type = size, size_out = 7666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6244
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png.RYK, type = size, size_out = 5346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6248
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, type = size, size_out = 8066 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x624c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, type = size, size_out = 5346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6250
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg.RYK, type = size, size_out = 2578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6254
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, type = size, size_out = 1090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6258
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg.RYK, type = size, size_out = 498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x625c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6260
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6264
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6268
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, type = size, size_out = 578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x626c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6270
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, type = size, size_out = 2018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6274
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg.RYK, type = size, size_out = 32658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6278
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg.RYK, type = size, size_out = 1074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x627c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, type = size, size_out = 578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6280
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg.RYK, type = size, size_out = 2226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6284
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, type = size, size_out = 20818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6288
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg.RYK, type = size, size_out = 12834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x628c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg.RYK, type = size, size_out = 6210 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6290
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, type = size, size_out = 994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6294
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6298
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg.RYK, type = size, size_out = 7794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x629c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg.RYK, type = size, size_out = 2930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x62a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x62a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x62a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg.RYK, type = size, size_out = 1202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x62ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg.RYK, type = size, size_out = 4690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x62b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x62b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x62b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, type = size, size_out = 11218 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x62bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg.RYK, type = size, size_out = 5090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x62c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x62c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, type = size, size_out = 6690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x62c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x62cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, type = size, size_out = 106866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x62d0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, type = size, size_out = 106 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, size = 106, size_out = 106 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62d4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, type = size, size_out = 1858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62d8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, type = size, size_out = 3874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, type = size, size_out = 3154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x62e0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, type = size, size_out = 3922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62e4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, type = size, size_out = 70711 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, size = 70711, size_out = 70711 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, size = 70720 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62e8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, type = size, size_out = 2791 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, size = 2791, size_out = 2791 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, size = 2800 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x62f0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, type = size, size_out = 3410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62f4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml, type = size, size_out = 2981 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, size = 2981, size_out = 2981 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, size = 2992 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62f8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, type = size, size_out = 30162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x62fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6300
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, type = size, size_out = 4066 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6304
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6308
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, type = size, size_out = 51242 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, size = 51242, size_out = 51242 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, size = 51248 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x630c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6310
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, type = size, size_out = 11772 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, size = 11772, size_out = 11772 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, size = 11776 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6314
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6318
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes.RYK, type = size, size_out = 185970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x631c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6320
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, type = size, size_out = 9090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6324
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, type = size, size_out = 9570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6328
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, type = size, size_out = 7794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x632c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf.RYK, type = size, size_out = 1778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6330
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, type = size, size_out = 243778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6334
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6338
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, type = size, size_out = 49410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x633c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6340
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, type = size, size_out = 15267 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, size = 15267, size_out = 15267 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, size = 15280 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6344
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, type = size, size_out = 11280 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, size = 11280, size_out = 11280 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, size = 11296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6348
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, type = size, size_out = 11280 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, size = 11280, size_out = 11280 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, size = 11296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x634c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, type = size, size_out = 11280 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, size = 11280, size_out = 11280 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, size = 11296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6350
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, type = size, size_out = 11280 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, size = 11280, size_out = 11280 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\PlayReady\RyukReadMe.txt, size = 11296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\PlayReady\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\PlayReady\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6354
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, type = size, size_out = 10965 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, size = 10965, size_out = 10965 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, size = 10976 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6358
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, type = size, size_out = 15598 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, size = 15598, size_out = 15598 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, size = 15600 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x635c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6360
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6364
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, type = size, size_out = 10517214 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6368
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, type = size, size_out = 66450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x636c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6370
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6374
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6378
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, type = size, size_out = 354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x637c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, type = size, size_out = 9650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6380
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, type = size, size_out = 8994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6384
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, type = size, size_out = 9650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6388
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, type = size, size_out = 8994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x638c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, type = size, size_out = 9650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6390
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, type = size, size_out = 8978 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6394
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, type = size, size_out = 464652 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, size = 464652, size_out = 464652 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, size = 464656 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6398
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, type = size, size_out = 578260 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, size = 578260, size_out = 578260 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, size = 578272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x639c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, type = size, size_out = 604364 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, size = 604364, size_out = 604364 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, size = 604368 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x63a0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, type = size, size_out = 94210 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x63a4
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, type = size, size_out = 113074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x63a8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, type = size, size_out = 119810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x63ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, type = size, size_out = 4318 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, size = 4318, size_out = 4318 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, size = 4320 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x63b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, type = size, size_out = 2004 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, size = 2004, size_out = 2004 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, size = 2016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x63bc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, type = size, size_out = 2006 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, size = 2006, size_out = 2006 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, size = 2016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x63c0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, type = size, size_out = 2006 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, size = 2006, size_out = 2006 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, size = 2016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x63c4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, type = size, size_out = 2006 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, size = 2006, size_out = 2006 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, size = 2016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x63c8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, type = size, size_out = 4302 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, size = 4302, size_out = 4302 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, size = 4304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x63cc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, type = size, size_out = 2008 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, size = 2008, size_out = 2008 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, size = 2016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x63d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, type = size, size_out = 12578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, type = size, size_out = 14738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, type = size, size_out = 19522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, type = size, size_out = 1890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, type = size, size_out = 3954 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, type = size, size_out = 13314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x63fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, type = size, size_out = 5666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x5f60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, type = size, size_out = 7650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, type = size, size_out = 5122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x1318
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6404
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6408
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, type = size, size_out = 4162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x640c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, type = size, size_out = 13362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6410
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, type = size, size_out = 2610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6414
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6418
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, type = size, size_out = 22914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x641c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, type = size, size_out = 16290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6420
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, type = size, size_out = 17570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6424
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, type = size, size_out = 4770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6428
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, type = size, size_out = 8466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x642c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6430
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6434
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, type = size, size_out = 14018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6438
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x643c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, type = size, size_out = 2210 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6440
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6444
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, type = size, size_out = 11730 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6448
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, type = size, size_out = 14834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x644c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, type = size, size_out = 11618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6458
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, type = size, size_out = 13522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x645c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, type = size, size_out = 1858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6460
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, type = size, size_out = 12162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6464
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, type = size, size_out = 2546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6468
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, type = size, size_out = 12578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x646c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6470
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6474
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, type = size, size_out = 33058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6478
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, type = size, size_out = 49442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x647c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6480
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6484
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, type = size, size_out = 1956 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, size = 1956, size_out = 1956 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, size = 1968 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6488
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x648c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat.RYK, type = size, size_out = 1 |
|
2 |
Thread 0x6490
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, type = size, size_out = 276130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, type = size, size_out = 370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\settings.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_bingpagedata\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_bingpagedata\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_bingpagedata\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_bingpagedata\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_DNTException\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64cc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, type = size, size_out = 82095 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, size = 82095, size_out = 82095 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, size = 82096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompatua\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompatua\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompatua\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompatua\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_ieflipahead\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_ieflipahead\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_ieflipahead\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_ieflipahead\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64e0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x64e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.3DBuilder_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x64ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64f0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64f4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64f8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6500
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6504
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\SystemAppData\RyukReadMe.txt, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\SystemAppData\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\SystemAppData\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\SystemAppData\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6508
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x650c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6510
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Appconnector_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6514
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6518
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingFinance_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x651c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6520
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingNews_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6524
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6528
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingSports_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x652c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6530
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6534
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6538
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x653c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6540
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6544
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6548
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x654c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6550
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6554
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6558
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6560
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6564
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1ZJA02JO.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6568
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\268TPJIA.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x656c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6KWA3R8C.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6570
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\85DGK2J5.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6574
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6578
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FPNDV7T3.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x657c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J9KFLZDX.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6580
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JN00AKV9.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6584
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OR8K8VRM.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6588
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TK0LXHBL.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x658c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VC62GJSF.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6590
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VSMDVD55.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6594
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\History\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6598
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\IECompatCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x659c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\MSIMGSIZ.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\MSIMGSIZ.DAT, type = size, size_out = 49120 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\MSIMGSIZ.DAT, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\RyukReadMe.txt, size = 49120, size_out = 49120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\RyukReadMe.txt, size = 49136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\MSIMGSIZ.DAT, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\MSIMGSIZ.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65ac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65b0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\51TU1403.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65b4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5GJKP08H.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65b8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\6NQ9V8CD.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JZ1UUUP9.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\KW0ULAFV.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65c8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\SW6Z4AI1.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65cc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\TU6XBKFE.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U9PT9V3Q.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65d4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\History\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65e0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\IECompatCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65e4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT, type = size, size_out = 49120 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT, size = 49120, size_out = 49120 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\RyukReadMe.txt, size = 49136 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\MSIMGSIZ.DAT.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6600
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\BingPageDataCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6604
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6608
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, type = size, size_out = 111 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, size = 111, size_out = 111 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, size = 112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1143SFPT.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x660c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, type = size, size_out = 149 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, size = 149, size_out = 149 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, size = 160 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\1HP9XSYA.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6610
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, type = size, size_out = 159 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, size = 159, size_out = 159 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, size = 160 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\205ESPV2.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6614
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6618
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, type = size, size_out = 121 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, size = 121, size_out = 121 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, size = 128 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\Y51OCFZ0.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6624
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\CortanaAssist\AllowList.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6628
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\History\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x662c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6630
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatUaCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatUaCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IECompatUaCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6634
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IEFlipAheadCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IEFlipAheadCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\IEFlipAheadCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6638
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.chk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x663c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\SystemAppData\RyukReadMe.txt, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\SystemAppData\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\SystemAppData\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edb.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6640
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00001.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00001.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00001.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6644
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00002.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00002.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbres00002.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6648
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbtmp.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbtmp.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\edbtmp.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x664c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6650
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6654
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6658
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x665c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6660
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6664
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6668
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x666c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6670
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6674
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6678
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x667c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6680
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6684
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6688
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x668c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6690
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6694
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6698
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x669c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x66a0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x66a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66a8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66ac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\RyukReadMe.txt, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66c0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66c4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\7CSZDG21\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\7CSZDG21\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\7CSZDG21\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\AppCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66d0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66dc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\RyukReadMe.txt, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66ec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\INetCookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66f0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\001107b94f5293b397165f26d15a256e62b7d4a8a9228f3093ac37da2be5b24f, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\001107b94f5293b397165f26d15a256e62b7d4a8a9228f3093ac37da2be5b24f, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\001107b94f5293b397165f26d15a256e62b7d4a8a9228f3093ac37da2be5b24f.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66f4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2bed4133f7a5cd078ac3c621dfa8e6362121ce0928c026612a1f1ddf4f99a370, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2bed4133f7a5cd078ac3c621dfa8e6362121ce0928c026612a1f1ddf4f99a370, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2bed4133f7a5cd078ac3c621dfa8e6362121ce0928c026612a1f1ddf4f99a370.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66f8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2d8669052d2b7df8dd4b9607f2379c68aea752aafe0def6d5ce226264835a7ca, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2d8669052d2b7df8dd4b9607f2379c68aea752aafe0def6d5ce226264835a7ca, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\2d8669052d2b7df8dd4b9607f2379c68aea752aafe0def6d5ce226264835a7ca.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x66fc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a53c604f9aa7fa34010083e9e398486423e851c704b4d50043aaf2a8574d9b2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a53c604f9aa7fa34010083e9e398486423e851c704b4d50043aaf2a8574d9b2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a53c604f9aa7fa34010083e9e398486423e851c704b4d50043aaf2a8574d9b2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6700
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a65241e49133a96904d70724844acb053dc753d3ab27f93e89f8059cbccdb92, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a65241e49133a96904d70724844acb053dc753d3ab27f93e89f8059cbccdb92, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\3a65241e49133a96904d70724844acb053dc753d3ab27f93e89f8059cbccdb92.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6704
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\440989d816ce3a311a914b13a22ba992f95690849d761ffa5caab5959db0c921, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\440989d816ce3a311a914b13a22ba992f95690849d761ffa5caab5959db0c921, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\440989d816ce3a311a914b13a22ba992f95690849d761ffa5caab5959db0c921.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6708
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\7053f8c6068c46e40f1016f56c5a556103340ef5fe7752801b7744069ae0f861, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\7053f8c6068c46e40f1016f56c5a556103340ef5fe7752801b7744069ae0f861, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\7053f8c6068c46e40f1016f56c5a556103340ef5fe7752801b7744069ae0f861.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x670c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\8567d7efc6dd43319b076ebebb98cc2abd2520838a9ebd41597e4052b4bd2a22, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\8567d7efc6dd43319b076ebebb98cc2abd2520838a9ebd41597e4052b4bd2a22, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\8567d7efc6dd43319b076ebebb98cc2abd2520838a9ebd41597e4052b4bd2a22.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6710
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\86f03f60d39829e5fba5aa195da9eedb1ad88e99410bf7fa169d1558aaf35bdd, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\86f03f60d39829e5fba5aa195da9eedb1ad88e99410bf7fa169d1558aaf35bdd, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\86f03f60d39829e5fba5aa195da9eedb1ad88e99410bf7fa169d1558aaf35bdd.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6714
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\91dd86d2e068177d1504451bc4f923d177183c305ba3a521ebe87a3ca889ed90, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\91dd86d2e068177d1504451bc4f923d177183c305ba3a521ebe87a3ca889ed90, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\91dd86d2e068177d1504451bc4f923d177183c305ba3a521ebe87a3ca889ed90.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6718
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\d6f3a2f0c0f5d4ad6cab70713323cac7710e91ff13667b2200b6b800881ac10f, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\d6f3a2f0c0f5d4ad6cab70713323cac7710e91ff13667b2200b6b800881ac10f, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\d6f3a2f0c0f5d4ad6cab70713323cac7710e91ff13667b2200b6b800881ac10f.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x671c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\f7df316937e894c20be9f8a6fc118847e60ea2dfe33cc1924f24346307e2b268, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\f7df316937e894c20be9f8a6fc118847e60ea2dfe33cc1924f24346307e2b268, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\f7df316937e894c20be9f8a6fc118847e60ea2dfe33cc1924f24346307e2b268.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6720
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6724
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 65536 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, size = 65536, size_out = 65536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, size = 65552 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6728
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x672c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6730
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6734
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\appcache[1].man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\appcache[1].man, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\appcache[1].man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6738
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x673c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, type = size, size_out = 120272 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, size = 120272, size_out = 120272 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, size = 120288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\12\zinc[1].htm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6740
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, type = size, size_out = 6584 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, size = 6584, size_out = 6584 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, size = 6592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\045d3532[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6744
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, type = size, size_out = 17445 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, size = 17445, size_out = 17445 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, size = 17456 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\0c3a2f0b[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6748
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\11ee0799[1].css, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\11ee0799[1].css, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\11ee0799[1].css.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x674c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, type = size, size_out = 41034 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, size = 41034, size_out = 41034 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, size = 41040 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2462f13c[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6750
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2743db28[1].css, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2743db28[1].css, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2743db28[1].css.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6754
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2d27e2b0[1].css, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2d27e2b0[1].css, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\2d27e2b0[1].css.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6758
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, type = size, size_out = 32007 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, size = 32007, size_out = 32007 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, size = 32016 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\3417f6c5[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x675c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, type = size, size_out = 45513 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, size = 45513, size_out = 45513 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, size = 45520 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\359d2aee[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6760
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\424a9e57[1].css, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\424a9e57[1].css, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\424a9e57[1].css.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6764
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, type = size, size_out = 15896 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, size = 15896, size_out = 15896 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, size = 15904 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\48a99eae[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6768
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, type = size, size_out = 50030 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, size = 50030, size_out = 50030 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, size = 50032 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\5bf5eed4[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x676c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, type = size, size_out = 94820 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, size = 94820, size_out = 94820 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, size = 94832 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\8636b4dd[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6770
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, type = size, size_out = 115298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, size = 115298, size_out = 115298 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, size = 115312 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\89c17add[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6774
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, type = size, size_out = 40738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, size = 40738, size_out = 40738 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, size = 40752 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\961fe1d8[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6778
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, type = size, size_out = 172182 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, size = 172182, size_out = 172182 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, size = 172192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\ab584def[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x677c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\appcache[1].man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\appcache[1].man, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\appcache[1].man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6780
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, type = size, size_out = 601554 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, size = 601554, size_out = 601554 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, size = 601568 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\b7511cfd[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6784
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6788
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\d78ba3ab[1].css, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\d78ba3ab[1].css, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\d78ba3ab[1].css.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x678c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, type = size, size_out = 202240 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, size = 202240, size_out = 202240 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, size = 202256 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\dbef2181[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6790
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, type = size, size_out = 125356 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, size = 125356, size_out = 125356 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, size = 125360 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e1e405d1[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6794
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, type = size, size_out = 18751 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, size = 18751, size_out = 18751 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, size = 18752 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\e3f307cb[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6798
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, type = size, size_out = 35182 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, size = 35182, size_out = 35182 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, size = 35184 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\fcd21029[1].js.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x679c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, type = size, size_out = 48580 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, size = 48580, size_out = 48580 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, size = 48592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\23\Init[1].htm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67a0
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, type = size, size_out = 60 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, size = 60, size_out = 60 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, size = 64 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\appcache[1].man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67a4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67a8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm, type = size, size_out = 119914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm, size = 119914, size_out = 119914 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm, size = 119920 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\5\zinc[1].htm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67ac
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, type = size, size_out = 60 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, size = 60, size_out = 60 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, size = 64 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\appcache[1].man.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm, type = size, size_out = 119914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm, size = 119914, size_out = 119914 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm, size = 119920 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\6\zinc[1].htm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\R1UTJCT7\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67bc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\threshold[2].appcache, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\threshold[2].appcache, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\1N9MAX5B\threshold[2].appcache.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67c8
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, type = size, size_out = 211 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, size = 211, size_out = 211 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, size = 224 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\LVKKMMVN.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67cc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, type = size, size_out = 338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, size = 338, size_out = 338 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, size = 352 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\QCCK4TYM.txt.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67d0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.chk.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67d8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00037.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67dc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00038.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67e0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb00039.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67e4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003A.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67e8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003B.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67ec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\LocalCache\RyukReadMe.txt, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\LocalCache\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\LocalCache\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edb0003C.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67f0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67f4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67f8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log, type = size, size_out = 524288 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log, size = 524288, size_out = 524288 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log, size = 524304 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x67fc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6494
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64a8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\speech_onecorereg.bin.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64d4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64e8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 131362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64d0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 24576 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 24576, size_out = 24576 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 24592 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x649c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 20480 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 20480, size_out = 20480 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 20496 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64b8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6498
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x655c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, type = size, size_out = 4096 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, size = 4096, size_out = 4096 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, size = 4112 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64ac
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm, type = size, size_out = 32768 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm, size = 32768, size_out = 32768 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RyukReadMe.txt, size = 32784 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x64a4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, type = size, size_out = 424392 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, size = 424392, size_out = 424392 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, size = 424400 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65a0
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, type = size, size_out = 65536 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, size = 65536, size_out = 65536 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, size = 65552 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65dc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_BGTask.last.etl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65fc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x661c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65f8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\RyukReadMe.txt, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65ec
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65f4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65a4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65e8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Header.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x65d8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1314
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x1304
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x4b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x558
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x300
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xcc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x3d4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x540
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, type = size, size_out = 459 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, size = 459, size_out = 459 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, size = 464 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\LocalState\_sessionState.xml.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x988
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x480
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0xa64
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6804
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsFeedback_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6814
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6818
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6820
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6824
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsPhone_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x682c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6830
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6834
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6844
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCookies\container.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x684c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6850
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6854
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6858
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_2C7DBF3EF27E31A183ADD6317A482BD1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_2C7DBF3EF27E31A183ADD6317A482BD1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_2C7DBF3EF27E31A183ADD6317A482BD1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x685c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6860
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6864
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6868
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RyukReadMe.txt, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x686c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6870
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6874
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6878
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x687c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\RyukReadMe.txt, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6880
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6884
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6888
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x688c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6890
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock.RYK, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock.RYK, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock.RYK, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock.RYK, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6894
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6898
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x689c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x68a4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x68a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x68ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68b0
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68b4
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.ContactSupport_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68bc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x68c0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.devicesflow_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x68c4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68c8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68cc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68d0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68d4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x68d8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68dc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.MiracastView_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x68e4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\roaming.lock.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x68e8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x68f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\roaming.lock.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68f8
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x68fc
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, type = size, size_out = 8192 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8192, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 8208 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG1.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6900
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, type = size, size_out = 0 |
|
2 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Packages\Windows.PurchaseDialog_cw5n1h2txyewy\Settings\settings.dat.LOG2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6904
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg.RYK, type = size, size_out = 73042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-IV4wPwFL.jpg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6908
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv.RYK, type = size, size_out = 18306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\143D8HQ-K.flv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x690c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1h4xX.ots.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1h4xX.ots.RYK, type = size, size_out = 41458 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1h4xX.ots.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6910
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a.RYK, type = size, size_out = 40434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\1IfXYAEG.m4a.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6914
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a.RYK, type = size, size_out = 11186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\23-z26ppnFbb _N.m4a.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6918
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls.RYK, type = size, size_out = 56498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\8c 7fOguOClvgb97sIp.xls.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x691c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv.RYK, type = size, size_out = 83074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\a6WaOQ3LzAaGpXb88w.mkv.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6920
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4.RYK, type = size, size_out = 59650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\A9jMpUEC4IEAgPajkt.mp4.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6924
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp.RYK, type = size, size_out = 74850 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\b7YZ5uYsWzDT2Y.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6928
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav.RYK, type = size, size_out = 52450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BNBRCSDfnG9Ly.wav.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x692c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg.RYK, type = size, size_out = 14962 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\bxFlFkFVlcBldzTF.jpg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6930
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg.RYK, type = size, size_out = 79170 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BZuRj0Q.jpg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6934
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3.RYK, type = size, size_out = 65218 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dUCn4607e5za GN.mp3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6938
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp.RYK, type = size, size_out = 43026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\EtFDxO.bmp.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x693c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf.RYK, type = size, size_out = 56034 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\f4 q3WksJVrLw.pdf.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6940
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls.RYK, type = size, size_out = 9362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\I0iGbSjzdjNYzu.xls.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6944
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3.RYK, type = size, size_out = 14114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\PLDM5bj8U.mp3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6948
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3.RYK, type = size, size_out = 57970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qvZQXub6daTWFoSwVEJf.mp3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x694c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png.RYK, type = size, size_out = 6162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\qXQ8-QdfHvdJ BwhQ9P9.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6950
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a.RYK, type = size, size_out = 93682 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sJNPBx1ehdBo.m4a.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6954
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx.RYK, type = size, size_out = 48354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UFnTEli.xlsx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6958
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg.RYK, type = size, size_out = 22194 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UUSs3AeMNCx54.jpg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x695c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc.RYK, type = size, size_out = 9362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\u_t6UyUNmbL5JeN0Z.doc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6960
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4.RYK, type = size, size_out = 3602 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WJPVs.mp4.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6964
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3.RYK, type = size, size_out = 39762 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\_ljjvK390Yct8JYbkw.mp3.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6968
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x696c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\counters.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6970
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\IE\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6974
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\IE\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6978
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK, type = size, size_out = 49410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x697c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat.RYK, type = size, size_out = 123298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SmartScreenCache.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6980
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat.RYK, type = size, size_out = 5243306 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\SuggestedSites.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6988
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.chk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x698c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6990
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, type = size, size_out = 2097442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDB00006.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6994
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs.RYK, type = size, size_out = 2097442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00001.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6998
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs.RYK, type = size, size_out = 2097442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBres00002.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x699c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\EDBtmp.log.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69a0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TileDataLayer\Database\vedatamodel.edb.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69a4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\Temp\CalendarCache.dat.RYK, type = size, size_out = 20 |
|
2 |
Thread 0x69a8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, type = size, size_out = 6291750 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\store.vol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x69ac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.chk.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x69b0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USS.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x69b4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00001.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x69b8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x69bc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, type = size, size_out = 3146018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USStmp.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x69c8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x69cc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x69d0
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019022720190228\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019022720190228\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x69d4
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x69d8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69e4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, type = size, size_out = 1042 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0\ngen.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x69e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, type = size, size_out = 1026 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v4.0_32\ngen.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x69ec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK, type = size, size_out = 11554 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x69f4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, type = size, size_out = 5410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x69f8
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, type = size, size_out = 28672 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, size = 28672, size_out = 28672 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, size = 28688 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x69fc
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6a04
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1].RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\O593F7EE\ieonlinews.microsoft[1].RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6a08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, type = size, size_out = 255186 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMDATA64.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\GameDVR\KnownGameList.bin.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, type = size, size_out = 6866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.RYK, type = size, size_out = 18466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DomainSuggestions\en-US.1.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a18
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\52UK17NV\www.google[1].xml.RYK, type = size, size_out = 13 |
|
2 |
Thread 0x6a1c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6a20
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\L8OQST1L\consent.google[1].xml.RYK, type = size, size_out = 13 |
|
2 |
Thread 0x6a24
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieBrowserModeList\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6a28
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieSiteList\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6a2c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\EmieUserList\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6a30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, type = size, size_out = 1218 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, type = size, size_out = 1586 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK, type = size, size_out = 3378 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a3c
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\IEFlipAheadCache\container.dat.RYK, type = size, size_out = 0 |
|
2 |
Thread 0x6a40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat.RYK, type = size, size_out = 5938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\imagestore\sl72e5n\imagestore.dat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, type = size, size_out = 49410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a4c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, type = size, size_out = 12800 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, size = 12800, size_out = 12800 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.txt, size = 12816 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.txt, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.txt, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{94C50253-C9AC-11E7-9BDD-C40142ECDE47}.dat.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.RYK, type = size, size_out = 706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml.RYK, type = size, size_out = 14722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\VersionManager\versionlist.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a5c
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, type = size, size_out = 1330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\01_Music_auto_rated_at_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a60
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, type = size, size_out = 1279 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, size = 1279, size_out = 1279 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, size = 1280 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\02_Music_added_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a64
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, type = size, size_out = 1554 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\03_Music_rated_at_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a68
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, type = size, size_out = 1284 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, size = 1284, size_out = 1284 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, size = 1296 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\04_Music_played_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a6c
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, type = size, size_out = 797 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, size = 797, size_out = 797 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, size = 800 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\05_Pictures_taken_in_the_last_month.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a70
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, type = size, size_out = 1074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\06_Pictures_rated_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a74
12
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, type = size, size_out = 1040 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, size = 1040, size_out = 1040 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, size = 1056 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, size = 6 |
|
1 | |
| File | Write | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, size = 268 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\07_TV_recorded_in_the_last_week.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a78
7
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, type = size, size_out = 1298 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, size = 25, size_out = 25 |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\08_Video_rated_at_4_or_5_stars.wpl.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl.RYK, type = size, size_out = 1314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\09_Music_played_the_most.wpl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl.RYK, type = size, size_out = 1346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\10_All_Music.wpl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl.RYK, type = size, size_out = 866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\11_All_Pictures.wpl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl.RYK, type = size, size_out = 1362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00009376\12_All_Video.wpl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6a8c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\cdn.odc.officeapps.live.com\29598952-6912-4B4E-8754-D3E714F498C3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\cdn.odc.officeapps.live.com\29598952-6912-4B4E-8754-D3E714F498C3, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\cdn.odc.officeapps.live.com\29598952-6912-4B4E-8754-D3E714F498C3.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a90
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\01A0C0A0-84FB-4EB4-A9A1-4BCABE4EFC24, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\01A0C0A0-84FB-4EB4-A9A1-4BCABE4EFC24, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\01A0C0A0-84FB-4EB4-A9A1-4BCABE4EFC24.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a94
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\04A54DF6-2C68-43B6-89EB-3B7958597AC7, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\04A54DF6-2C68-43B6-89EB-3B7958597AC7, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\04A54DF6-2C68-43B6-89EB-3B7958597AC7.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a98
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\0552393D-14EB-4F89-8C21-8959A49968D2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\0552393D-14EB-4F89-8C21-8959A49968D2, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\0552393D-14EB-4F89-8C21-8959A49968D2.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6a9c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\07EC9290-11A1-4B7B-8542-424076F02838, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\07EC9290-11A1-4B7B-8542-424076F02838, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\07EC9290-11A1-4B7B-8542-424076F02838.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6aa0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\18E43682-B084-475D-AA0F-B94BD8888B3D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\18E43682-B084-475D-AA0F-B94BD8888B3D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\18E43682-B084-475D-AA0F-B94BD8888B3D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6aa4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2378B1B3-B054-41CE-B565-01C50DF64F3A, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2378B1B3-B054-41CE-B565-01C50DF64F3A, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2378B1B3-B054-41CE-B565-01C50DF64F3A.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6aa8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\24E98DA1-B779-4FAC-9144-3233D1979336, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\24E98DA1-B779-4FAC-9144-3233D1979336, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\24E98DA1-B779-4FAC-9144-3233D1979336.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6aac
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2A9BD5FC-A11E-42DF-A867-B07EE85C6137, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2A9BD5FC-A11E-42DF-A867-B07EE85C6137, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\2A9BD5FC-A11E-42DF-A867-B07EE85C6137.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ab0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\3ECE84BD-CF61-4B84-85B4-BB9C029B1D34, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\3ECE84BD-CF61-4B84-85B4-BB9C029B1D34, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\3ECE84BD-CF61-4B84-85B4-BB9C029B1D34.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ab4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\41D65FE9-AE28-4485-82A5-B9D59D0A0019, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\41D65FE9-AE28-4485-82A5-B9D59D0A0019, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\41D65FE9-AE28-4485-82A5-B9D59D0A0019.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ab8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\4558EE3B-BE9E-4DDA-A9E5-D74AA0D2D069, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\4558EE3B-BE9E-4DDA-A9E5-D74AA0D2D069, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\4558EE3B-BE9E-4DDA-A9E5-D74AA0D2D069.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6abc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\46DE614E-0C9B-46EB-84F0-89F985E8C156, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\46DE614E-0C9B-46EB-84F0-89F985E8C156, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\46DE614E-0C9B-46EB-84F0-89F985E8C156.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ac0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\488F2960-8DBA-42A5-A6F9-DF66073E536D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\488F2960-8DBA-42A5-A6F9-DF66073E536D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\488F2960-8DBA-42A5-A6F9-DF66073E536D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ac4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\542AE9EC-2AAB-4A8D-86CE-BF36E018A365, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\542AE9EC-2AAB-4A8D-86CE-BF36E018A365, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\542AE9EC-2AAB-4A8D-86CE-BF36E018A365.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ac8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5B8C44D4-2A63-481E-A1AB-5E6CF4501F02, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5B8C44D4-2A63-481E-A1AB-5E6CF4501F02, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5B8C44D4-2A63-481E-A1AB-5E6CF4501F02.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6acc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5EABD895-1369-4673-B65E-C121C8F05C93, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5EABD895-1369-4673-B65E-C121C8F05C93, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\5EABD895-1369-4673-B65E-C121C8F05C93.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ad0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66172C59-AA66-47DE-BD2B-1B908C570062, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66172C59-AA66-47DE-BD2B-1B908C570062, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66172C59-AA66-47DE-BD2B-1B908C570062.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ad4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66408A6E-F696-44FA-B896-9073D83C9463, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66408A6E-F696-44FA-B896-9073D83C9463, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\66408A6E-F696-44FA-B896-9073D83C9463.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ad8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\683C6C51-6FBE-4F12-8495-5B218743CC76, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\683C6C51-6FBE-4F12-8495-5B218743CC76, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\683C6C51-6FBE-4F12-8495-5B218743CC76.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6adc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\77FD6918-29A5-4F0B-B1A7-EDEADD0A695F, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\77FD6918-29A5-4F0B-B1A7-EDEADD0A695F, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\77FD6918-29A5-4F0B-B1A7-EDEADD0A695F.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ae0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\797D396D-AC42-4AB5-A395-D4C7890DB4E6, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\797D396D-AC42-4AB5-A395-D4C7890DB4E6, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\797D396D-AC42-4AB5-A395-D4C7890DB4E6.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ae4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7A123EA5-56EE-4596-A54E-8E612EE6B11E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7A123EA5-56EE-4596-A54E-8E612EE6B11E, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7A123EA5-56EE-4596-A54E-8E612EE6B11E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6ae8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7CDC9D9C-BADA-4EA1-8A7A-91189CBCBB42, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7CDC9D9C-BADA-4EA1-8A7A-91189CBCBB42, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7CDC9D9C-BADA-4EA1-8A7A-91189CBCBB42.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6aec
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E661E9F-0FFD-4BF6-A6A9-A33E185C9131, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E661E9F-0FFD-4BF6-A6A9-A33E185C9131, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E661E9F-0FFD-4BF6-A6A9-A33E185C9131.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6af0
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E7F2D4D-7FEC-45D5-9242-391C5BBDCE7E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E7F2D4D-7FEC-45D5-9242-391C5BBDCE7E, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\7E7F2D4D-7FEC-45D5-9242-391C5BBDCE7E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6af4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\804C4A29-C626-4EB0-9A5A-CEC3A687FD1B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\804C4A29-C626-4EB0-9A5A-CEC3A687FD1B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\804C4A29-C626-4EB0-9A5A-CEC3A687FD1B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6af8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8377A58B-6BB9-496C-A6DF-9A7A076B4B41, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8377A58B-6BB9-496C-A6DF-9A7A076B4B41, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8377A58B-6BB9-496C-A6DF-9A7A076B4B41.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6afc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8BE6D37C-5753-4A96-817E-B3C94B03A82D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8BE6D37C-5753-4A96-817E-B3C94B03A82D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8BE6D37C-5753-4A96-817E-B3C94B03A82D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b00
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C065BBF-7AD9-42C4-9735-9EEE5F756EA9, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C065BBF-7AD9-42C4-9735-9EEE5F756EA9, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C065BBF-7AD9-42C4-9735-9EEE5F756EA9.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b04
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C607B24-1BCC-4C57-8CE9-EC64CDD7114B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C607B24-1BCC-4C57-8CE9-EC64CDD7114B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\8C607B24-1BCC-4C57-8CE9-EC64CDD7114B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b08
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9403D050-B4D3-428F-920D-D3B5F01FD272, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9403D050-B4D3-428F-920D-D3B5F01FD272, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9403D050-B4D3-428F-920D-D3B5F01FD272.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b0c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\94D14502-E144-414C-89AE-0998D2709D89, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\94D14502-E144-414C-89AE-0998D2709D89, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\94D14502-E144-414C-89AE-0998D2709D89.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b10
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9854EE7B-727A-4189-BCA8-C1A2F7C3ED6D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9854EE7B-727A-4189-BCA8-C1A2F7C3ED6D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9854EE7B-727A-4189-BCA8-C1A2F7C3ED6D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b14
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9B5E72BE-B516-4DBE-8414-EC40CCF98DF5, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9B5E72BE-B516-4DBE-8414-EC40CCF98DF5, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9B5E72BE-B516-4DBE-8414-EC40CCF98DF5.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b18
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9CDDC916-A2AC-41E6-B1B9-CA1B9971F195, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9CDDC916-A2AC-41E6-B1B9-CA1B9971F195, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\9CDDC916-A2AC-41E6-B1B9-CA1B9971F195.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b1c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A20B85A3-C624-401C-946D-7F2C8C9E0EB0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A20B85A3-C624-401C-946D-7F2C8C9E0EB0, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A20B85A3-C624-401C-946D-7F2C8C9E0EB0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b20
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A3899EB7-943F-45BF-9B62-7976C872C7D6, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A3899EB7-943F-45BF-9B62-7976C872C7D6, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A3899EB7-943F-45BF-9B62-7976C872C7D6.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b24
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A590259A-C20F-4378-9A6C-F9556FC0CBA6, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A590259A-C20F-4378-9A6C-F9556FC0CBA6, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A590259A-C20F-4378-9A6C-F9556FC0CBA6.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b28
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A6B97942-B79F-460B-AEB5-87B754D40071, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A6B97942-B79F-460B-AEB5-87B754D40071, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\A6B97942-B79F-460B-AEB5-87B754D40071.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b2c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\AD0C61F1-C301-4A56-8793-549CFDE8A507, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\AD0C61F1-C301-4A56-8793-549CFDE8A507, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\AD0C61F1-C301-4A56-8793-549CFDE8A507.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b30
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\B8FFF45C-0C8F-4785-B42F-24711207C09E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\B8FFF45C-0C8F-4785-B42F-24711207C09E, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\B8FFF45C-0C8F-4785-B42F-24711207C09E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b34
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BA1A7D9C-8B77-4E7D-97E6-EFCC062E7F93, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BA1A7D9C-8B77-4E7D-97E6-EFCC062E7F93, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BA1A7D9C-8B77-4E7D-97E6-EFCC062E7F93.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b38
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BAB84B72-0292-47C4-A0B3-39B2FB0A440D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BAB84B72-0292-47C4-A0B3-39B2FB0A440D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BAB84B72-0292-47C4-A0B3-39B2FB0A440D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b3c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BCBCE985-2A13-4141-A7A2-2395FC5BAD3E, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BCBCE985-2A13-4141-A7A2-2395FC5BAD3E, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\BCBCE985-2A13-4141-A7A2-2395FC5BAD3E.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b40
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\C8E2BE08-3214-419E-98CF-7DB7BAFDF7AF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\C8E2BE08-3214-419E-98CF-7DB7BAFDF7AF, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\C8E2BE08-3214-419E-98CF-7DB7BAFDF7AF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b44
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CA21D7B1-0D7B-41BF-A409-4B77C898A44F, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CA21D7B1-0D7B-41BF-A409-4B77C898A44F, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CA21D7B1-0D7B-41BF-A409-4B77C898A44F.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b48
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CF1CC7BF-A425-4541-8A36-51BFF9F38CBF, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CF1CC7BF-A425-4541-8A36-51BFF9F38CBF, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\CF1CC7BF-A425-4541-8A36-51BFF9F38CBF.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b4c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D377C338-B3B0-4E63-9CD5-EE0A4AFF13CD, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D377C338-B3B0-4E63-9CD5-EE0A4AFF13CD, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D377C338-B3B0-4E63-9CD5-EE0A4AFF13CD.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b50
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D99D1198-2688-447D-9BF2-F9F9C1375AFD, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D99D1198-2688-447D-9BF2-F9F9C1375AFD, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D99D1198-2688-447D-9BF2-F9F9C1375AFD.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b54
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D9C1BAAC-9EDD-4EBD-BD8A-5B53E9904C13, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D9C1BAAC-9EDD-4EBD-BD8A-5B53E9904C13, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\D9C1BAAC-9EDD-4EBD-BD8A-5B53E9904C13.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b58
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E00BE78D-CFF7-47B9-8E8C-37ADF516B28A, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E00BE78D-CFF7-47B9-8E8C-37ADF516B28A, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E00BE78D-CFF7-47B9-8E8C-37ADF516B28A.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b5c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E164F0A7-B014-475B-BC5C-1C1285127D5A, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E164F0A7-B014-475B-BC5C-1C1285127D5A, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E164F0A7-B014-475B-BC5C-1C1285127D5A.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b60
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E277E429-138B-4461-B716-C03D493C22D0, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E277E429-138B-4461-B716-C03D493C22D0, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E277E429-138B-4461-B716-C03D493C22D0.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b64
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E4FDC49F-730A-46D4-9B3E-AE4CD4D8873A, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E4FDC49F-730A-46D4-9B3E-AE4CD4D8873A, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\E4FDC49F-730A-46D4-9B3E-AE4CD4D8873A.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b68
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F1AC218A-8D02-402C-876E-4B0E2A662BFA, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F1AC218A-8D02-402C-876E-4B0E2A662BFA, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F1AC218A-8D02-402C-876E-4B0E2A662BFA.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b6c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F442332F-BE2E-45C6-B52A-9FA2F82F4F72, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F442332F-BE2E-45C6-B52A-9FA2F82F4F72, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F442332F-BE2E-45C6-B52A-9FA2F82F4F72.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b70
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F85AB5DD-848A-4CA1-A9F0-ECCF7052094F, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F85AB5DD-848A-4CA1-A9F0-ECCF7052094F, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\F85AB5DD-848A-4CA1-A9F0-ECCF7052094F.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b74
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\FA975BDF-A96C-4D1C-A93C-60FD5D97AC90, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\FA975BDF-A96C-4D1C-A93C-60FD5D97AC90, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\clienttemplates.content.office.net\FA975BDF-A96C-4D1C-A93C-60FD5D97AC90.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b78
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\03E95D48-EBA7-4D0E-895B-1582FC40EC0D, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\03E95D48-EBA7-4D0E-895B-1582FC40EC0D, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\03E95D48-EBA7-4D0E-895B-1582FC40EC0D.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b7c
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\82BD62FD-974C-42F4-866A-5C738238984B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\82BD62FD-974C-42F4-866A-5C738238984B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\82BD62FD-974C-42F4-866A-5C738238984B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b80
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8BD876A5-9C43-4F45-9565-3FAF3AC71A0B, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8BD876A5-9C43-4F45-9565-3FAF3AC71A0B, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8BD876A5-9C43-4F45-9565-3FAF3AC71A0B.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b84
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9097A298-E9C2-4AFF-8C46-428E8A30E31C, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9097A298-E9C2-4AFF-8C46-428E8A30E31C, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\9097A298-E9C2-4AFF-8C46-428E8A30E31C.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b88
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C246F9AB-D3D8-41D6-AD9F-FDA8F3368F67, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Move | source_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C246F9AB-D3D8-41D6-AD9F-FDA8F3368F67, destination_filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C246F9AB-D3D8-41D6-AD9F-FDA8F3368F67.RYK, flags = MOVEFILE_WRITE_THROUGH |
|
1 |
Thread 0x6b8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, type = size, size_out = 3810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\PowerP16.customUI.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, type = size, size_out = 3794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Word16.customUI.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayLogo.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6b9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ba0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\AutoPlayOptIn.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ba4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat.RYK, type = size, size_out = 6130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\CollectOneDriveLogs.bat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ba8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, type = size, size_out = 20338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626\ExclusionList.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayLogo.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\AutoPlayOptIn.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat.RYK, type = size, size_out = 6130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\CollectOneDriveLogs.bat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, type = size, size_out = 20338 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.5892.0626_1\ExclusionList.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, type = size, size_out = 19890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.adml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, type = size, size_out = 10114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\adm\OneDrive.admx.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, type = size, size_out = 994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\alertIcon.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, type = size, size_out = 5778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppBlue.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, type = size, size_out = 7858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorBlue.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, type = size, size_out = 8578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppErrorWhite.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, type = size, size_out = 3330 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AppWhite.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, type = size, size_out = 383506 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6be0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, type = size, size_out = 10514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\AutoPlayOptIn.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, type = size, size_out = 6706 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\CollectSyncLogs.bat.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, type = size, size_out = 7666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppBlue.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png.RYK, type = size, size_out = 5346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ElevatedAppWhite.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, type = size, size_out = 8066 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Error.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6bfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, type = size, size_out = 5346 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ErrorPage.html.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x850
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg.RYK, type = size, size_out = 2578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\acmDismissIcon.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x680c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, type = size, size_out = 1090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\blurrect.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6840
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg.RYK, type = size, size_out = 498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_finished.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6848
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_hovered.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x683c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_in_progress.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3cc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\checkmark_selected.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x681c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, type = size, size_out = 578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevron.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6838
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg.RYK, type = size, size_out = 546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\chevronUp.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x3f0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, type = size, size_out = 2018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\cloud.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6828
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg.RYK, type = size, size_out = 32658 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\done_graphic.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6810
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg.RYK, type = size, size_out = 1074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\errorIcon.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6808
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, type = size, size_out = 578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x880
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg.RYK, type = size, size_out = 2226 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_desktop.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x298
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg.RYK, type = size, size_out = 20818 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_documents.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x844
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg.RYK, type = size, size_out = 12834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\folder_image_pictures.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x2410
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg.RYK, type = size, size_out = 6210 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\iceBucket.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x21e8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, type = size, size_out = 994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6984
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\loading_spinner.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x69e0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg.RYK, type = size, size_out = 7794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandFiles.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg.RYK, type = size, size_out = 2930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onDemandSelectiveSync.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg.RYK, type = size, size_out = 1410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\onedrivePremium.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg.RYK, type = size, size_out = 1266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIcon.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg.RYK, type = size, size_out = 1202 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\overflowIconWhite.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg.RYK, type = size, size_out = 4690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\partiallyFreezing.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settings.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg.RYK, type = size, size_out = 1666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\settingsdisabled.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, type = size, size_out = 11218 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\signIn.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg.RYK, type = size, size_out = 5090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\stackedIceCubes.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg.RYK, type = size, size_out = 2114 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\images\waterGlass.svg.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, type = size, size_out = 6690 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\LoadingPage.html.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, type = size, size_out = 4946 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\OneDriveLogo.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, type = size, size_out = 106866 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\fabricmdl2.ttf.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\Flat\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir.RYK, type = size, size_out = 1858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls\Styles\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml.RYK, type = size, size_out = 3874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Button.qml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, type = size, size_out = 3154 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\Menu.qml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml.RYK, type = size, size_out = 3922 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\MenuItem.qml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\plugins.qmltypes.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, type = size, size_out = 70994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\RyukReadMe.txt, size = 25, size_out = 25 |
|
1 |
Thread 0x6c54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml.RYK, type = size, size_out = 3074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ProgressBar.qml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml.RYK, type = size, size_out = 3410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollBar.qml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml.RYK, type = size, size_out = 3266 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Controls.2\ScrollIndicator.qml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes.RYK, type = size, size_out = 30162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\plugins.qmltypes.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir.RYK, type = size, size_out = 434 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Extras\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes.RYK, type = size, size_out = 4066 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\plugins.qmltypes.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir.RYK, type = size, size_out = 418 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Layouts\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes.RYK, type = size, size_out = 51522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\plugins.qmltypes.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Templates.2\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes.RYK, type = size, size_out = 12050 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\plugins.qmltypes.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir.RYK, type = size, size_out = 402 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick\Window.2\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes.RYK, type = size, size_out = 185970 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\plugins.qmltypes.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir.RYK, type = size, size_out = 386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\qml\QtQuick.2\qmldir.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, type = size, size_out = 9090 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaCritical.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, type = size, size_out = 9570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaError.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, type = size, size_out = 7794 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\QuotaNearing.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf.RYK, type = size, size_out = 1778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\SaveApplicationEventLogs.wsf.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6c9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, type = size, size_out = 243778 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ScreenshotOptIn.gif.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ca0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html.RYK, type = size, size_out = 1442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\TestSharePage.html.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ca4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, type = size, size_out = 49410 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\ThirdPartyNotices.txt.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ca8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\17.3.6998.0830\Warning.png.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl.RYK, type = size, size_out = 15554 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-12.641.736.1.odl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cb0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl.RYK, type = size, size_out = 11570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.114.4068.1.odl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cb4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl.RYK, type = size, size_out = 11570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-13.2154.3480.1.odl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cb8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl.RYK, type = size, size_out = 11570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-18.2324.2928.1.odl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl.RYK, type = size, size_out = 11570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-7-21.155.3700.1.odl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl.RYK, type = size, size_out = 11250 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.2241.1252.1.odl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl.RYK, type = size, size_out = 15874 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2017-9-26.63.3668.1.odl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ccc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\standaloneUpdaterTelemetryCache.otc.session.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, type = size, size_out = 10517214 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, type = size, size_out = 66450 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Common\telemetryCache.otc.session.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.5892.0626-0.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cdc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceArchive.6917.0607-1.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ce0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\logs\Personal\TraceCurrent.6998.0830.etl.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ce4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, type = size, size_out = 354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\OneDrivePersonal.cmd.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ce8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, type = size, size_out = 9650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121120_934-848.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, type = size, size_out = 8994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_121121_d68-ddc.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cf0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, type = size, size_out = 9650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123817_760-808.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cf4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, type = size, size_out = 8994 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_123818_e38-824.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cf8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, type = size, size_out = 9650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_864-704.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6cfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, type = size, size_out = 8978 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\2017-07-21_133220_ae0-29c.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d00
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log.RYK, type = size, size_out = 464930 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-05-24_104601_b30-494.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d04
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log.RYK, type = size, size_out = 578546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-07-12_164141_b14-7f0.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d08
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log.RYK, type = size, size_out = 604642 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install-PerUser_2017-09-26_160326_bb4-8e8.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d0c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log.RYK, type = size, size_out = 94210 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-05-24_104600_528-57c.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d10
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log.RYK, type = size, size_out = 113074 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-07-12_164138_904-4d0.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d14
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log.RYK, type = size, size_out = 119810 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\Install_2017-09-26_160323_3a0-354.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d18
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d1c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d20
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log.RYK, type = size, size_out = 4594 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d24
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log.RYK, type = size, size_out = 2290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-13_111425_fe4-f74.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d28
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log.RYK, type = size, size_out = 2290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-14_075507_d98-d94.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d2c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log.RYK, type = size, size_out = 2290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-19_092447_b70-3a8.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d30
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log.RYK, type = size, size_out = 2290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-07-21_115555_e74-e78.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d34
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log.RYK, type = size, size_out = 4578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-26_160311_e54-e58.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d38
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log.RYK, type = size, size_out = 2290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\StandaloneUpdate_2017-09-27_084159_4e4-594.log.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d3c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d40
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d44
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, type = size, size_out = 674 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneDrive\StandaloneUpdater\Update.xml.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d48
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, type = size, size_out = 12578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000000.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d4c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, type = size, size_out = 20770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000001.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d50
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, type = size, size_out = 14738 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000004.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d54
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, type = size, size_out = 19522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000005.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d58
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, type = size, size_out = 1890 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000006.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d5c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, type = size, size_out = 2514 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000007.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d60
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, type = size, size_out = 3954 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000008.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d64
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, type = size, size_out = 13314 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000009.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d68
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, type = size, size_out = 5666 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000C.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d6c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, type = size, size_out = 7650 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000D.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d70
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, type = size, size_out = 5122 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000F.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d74
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, type = size, size_out = 2498 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000G.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d78
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, type = size, size_out = 1938 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000H.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d7c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, type = size, size_out = 4162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000I.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d80
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, type = size, size_out = 13362 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000J.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d84
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, type = size, size_out = 2610 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000L.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d88
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000M.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d8c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, type = size, size_out = 22914 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000N.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d90
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, type = size, size_out = 16290 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000O.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d94
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, type = size, size_out = 17570 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000P.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d98
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, type = size, size_out = 4770 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000Q.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6d9c
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, type = size, size_out = 8466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000R.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6da0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000S.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6da4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, type = size, size_out = 4466 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000T.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6da8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, type = size, size_out = 14018 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000U.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dac
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, type = size, size_out = 4370 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000000V.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6db0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, type = size, size_out = 2210 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000010.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6db4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, type = size, size_out = 2882 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000011.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6db8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, type = size, size_out = 11730 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000012.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dbc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, type = size, size_out = 14834 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000013.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dc0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, type = size, size_out = 11618 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000014.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dc4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, type = size, size_out = 13522 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000015.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dc8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, type = size, size_out = 1858 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000016.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dcc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, type = size, size_out = 12162 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000017.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dd0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, type = size, size_out = 2546 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000018.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dd4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, type = size, size_out = 12578 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003K.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dd8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, type = size, size_out = 8482 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003L.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6ddc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003M.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6de0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, type = size, size_out = 33058 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000003N.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6de4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, type = size, size_out = 49442 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\00000048.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6de8
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, type = size, size_out = 4386 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\0000004U.bin.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6dec
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, type = size, size_out = 354 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OneNote\16.0\cache\header.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6df0
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres.RYK, type = size, size_out = 2242 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TokenBroker\Cache\8d68c2e8263ce2da4efc5fc5f9a0c85c16c38ae4.tbres.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6df4
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.RYK, type = size, size_out = 722 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.RYK, size = 25, size_out = 25 |
|
1 |
Thread 0x6df8
4
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\UserProfileRoaming\Latest.dat.RYK, type = size, size_out = 1 |
|
2 |
Thread 0x6dfc
5
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, type = size, size_out = 276130 |
|
2 | |
| File | Read | filename = C:\Documents and Settings\CIiHmnxMn6Ps\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content16.dat.RYK, size = 25, size_out = 25 |
|
1 |
Process #3: sihost.exe
86
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\sihost.exe |
| Command Line | sihost.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:02, Reason: Injection |
| Unmonitor | End Time: 00:02:30, Reason: Crashed |
| Monitor Duration | 00:00:28 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x704 |
| Parent PID | 0x324 (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
728
0x
BF8
0x
968
0x
490
0x
7CC
0x
7C8
0x
7BC
0x
7B0
0x
7AC
0x
774
0x
770
0x
76C
0x
708
0x
C34
0x
CB0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| pagefile_0x0000001e5f0d0000 | 0x1e5f0d0000 | 0x1e5f0dffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000001e5f0e0000 | 0x1e5f0e0000 | 0x1e5f0e6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001e5f0f0000 | 0x1e5f0f0000 | 0x1e5f103fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001e5f110000 | 0x1e5f110000 | 0x1e5f18ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001e5f190000 | 0x1e5f190000 | 0x1e5f193fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001e5f1a0000 | 0x1e5f1a0000 | 0x1e5f1a1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x1e5f1b0000 | 0x1e5f26dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000001e5f270000 | 0x1e5f270000 | 0x1e5f2effff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e5f2f0000 | 0x1e5f2f0000 | 0x1e5f2f6fff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e5f300000 | 0x1e5f300000 | 0x1e5f300fff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e5f310000 | 0x1e5f310000 | 0x1e5f310fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001e5f320000 | 0x1e5f320000 | 0x1e5f320fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000001e5f330000 | 0x1e5f330000 | 0x1e5f330fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001e5f340000 | 0x1e5f340000 | 0x1e5f43ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e5f440000 | 0x1e5f440000 | 0x1e5f53ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e5f540000 | 0x1e5f540000 | 0x1e5f54ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001e5f550000 | 0x1e5f550000 | 0x1e5f6d7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000001e5f6e0000 | 0x1e5f6e0000 | 0x1e5f860fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000001e5f870000 | 0x1e5f870000 | 0x1e60c6ffff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x1e60c70000 | 0x1e60fa6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000001e60fb0000 | 0x1e60fb0000 | 0x1e6102ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61030000 | 0x1e61030000 | 0x1e610affff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e610b0000 | 0x1e610b0000 | 0x1e6112ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61130000 | 0x1e61130000 | 0x1e611affff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e611b0000 | 0x1e611b0000 | 0x1e6122ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61230000 | 0x1e61230000 | 0x1e612affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001e612b0000 | 0x1e612b0000 | 0x1e612d9fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000001e612f0000 | 0x1e612f0000 | 0x1e612fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61300000 | 0x1e61300000 | 0x1e613fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61400000 | 0x1e61400000 | 0x1e61bfffff | Private Memory | - |
|
|
|
- |
| private_0x0000001e61c00000 | 0x1e61c00000 | 0x1e61c7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61c80000 | 0x1e61c80000 | 0x1e61cfffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61d00000 | 0x1e61d00000 | 0x1e61d7ffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x1e61d80000 | 0x1e61e5efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000001e61e60000 | 0x1e61e60000 | 0x1e61edffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61ee0000 | 0x1e61ee0000 | 0x1e61f5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e61f60000 | 0x1e61f60000 | 0x1e61fdffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e62060000 | 0x1e62060000 | 0x1e620dffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001e620e0000 | 0x1e620e0000 | 0x1e621dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff450000 | 0x7df5ff450000 | 0x7ff5ff44ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff6d3e70000 | 0x7ff6d3e70000 | 0x7ff6d4205fff | Private Memory | rwx |
|
|
|
- |
| private_0x00007ff7050ac000 | 0x7ff7050ac000 | 0x7ff7050adfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050b0000 | 0x7ff7050b0000 | 0x7ff7050b1fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050b2000 | 0x7ff7050b2000 | 0x7ff7050b3fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050b4000 | 0x7ff7050b4000 | 0x7ff7050b5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050b6000 | 0x7ff7050b6000 | 0x7ff7050b7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050b8000 | 0x7ff7050b8000 | 0x7ff7050b9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050ba000 | 0x7ff7050ba000 | 0x7ff7050bbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050bc000 | 0x7ff7050bc000 | 0x7ff7050bdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7050be000 | 0x7ff7050be000 | 0x7ff7050bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff7050c0000 | 0x7ff7050c0000 | 0x7ff7051bffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7051c0000 | 0x7ff7051c0000 | 0x7ff7051e2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7051e3000 | 0x7ff7051e3000 | 0x7ff7051e4fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7051e5000 | 0x7ff7051e5000 | 0x7ff7051e5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7051e6000 | 0x7ff7051e6000 | 0x7ff7051e7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7051e8000 | 0x7ff7051e8000 | 0x7ff7051e9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7051ea000 | 0x7ff7051ea000 | 0x7ff7051ebfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7051ec000 | 0x7ff7051ec000 | 0x7ff7051edfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7051ee000 | 0x7ff7051ee000 | 0x7ff7051effff | Private Memory | rw |
|
|
|
- |
| sihost.exe | 0x7ff705a50000 | 0x7ff705a65fff | Memory Mapped File | rwx |
|
|
|
- |
| staterepository.core.dll | 0x7ffc46310000 | 0x7ffc463a8fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.staterepository.dll | 0x7ffc463b0000 | 0x7ffc46641fff | Memory Mapped File | rwx |
|
|
|
- |
| licensemanagerapi.dll | 0x7ffc488a0000 | 0x7ffc488abfff | Memory Mapped File | rwx |
|
|
|
- |
| twinui.appcore.dll | 0x7ffc48970000 | 0x7ffc48b7cfff | Memory Mapped File | rwx |
|
|
|
- |
| execmodelproxy.dll | 0x7ffc48b80000 | 0x7ffc48b94fff | Memory Mapped File | rwx |
|
|
|
- |
| sharehost.dll | 0x7ffc48c80000 | 0x7ffc48d24fff | Memory Mapped File | rwx |
|
|
|
- |
| appcontracts.dll | 0x7ffc48d30000 | 0x7ffc48ddbfff | Memory Mapped File | rwx |
|
|
|
- |
| wpportinglibrary.dll | 0x7ffc48de0000 | 0x7ffc48de8fff | Memory Mapped File | rwx |
|
|
|
- |
| modernexecserver.dll | 0x7ffc48df0000 | 0x7ffc48ec7fff | Memory Mapped File | rwx |
|
|
|
- |
| dsclient.dll | 0x7ffc48ed0000 | 0x7ffc48edbfff | Memory Mapped File | rwx |
|
|
|
- |
| userdatatypehelperutil.dll | 0x7ffc48ee0000 | 0x7ffc48ef0fff | Memory Mapped File | rwx |
|
|
|
- |
| appointmentactivation.dll | 0x7ffc48f00000 | 0x7ffc48f21fff | Memory Mapped File | rwx |
|
|
|
- |
| activationmanager.dll | 0x7ffc48f30000 | 0x7ffc48f8dfff | Memory Mapped File | rwx |
|
|
|
- |
| edputil.dll | 0x7ffc48f90000 | 0x7ffc48fbefff | Memory Mapped File | rwx |
|
|
|
- |
| clipboardserver.dll | 0x7ffc48fc0000 | 0x7ffc48feffff | Memory Mapped File | rwx |
|
|
|
- |
| actxprxy.dll | 0x7ffc48ff0000 | 0x7ffc49459fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.shell.servicehostbuilder.dll | 0x7ffc49460000 | 0x7ffc49471fff | Memory Mapped File | rwx |
|
|
|
- |
| desktopshellext.dll | 0x7ffc49480000 | 0x7ffc49496fff | Memory Mapped File | rwx |
|
|
|
- |
| coreuicomponents.dll | 0x7ffc49bb0000 | 0x7ffc49e10fff | Memory Mapped File | rwx |
|
|
|
- |
| ondemandbrokerclient.dll | 0x7ffc4b000000 | 0x7ffc4b010fff | Memory Mapped File | rwx |
|
|
|
- |
| notificationplatformcomponent.dll | 0x7ffc4b020000 | 0x7ffc4b02cfff | Memory Mapped File | rwx |
|
|
|
- |
| execmodelclient.dll | 0x7ffc4b030000 | 0x7ffc4b072fff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x7ffc4ddd0000 | 0x7ffc4e145fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcp110_win.dll | 0x7ffc4f8f0000 | 0x7ffc4f981fff | Memory Mapped File | rwx |
|
|
|
- |
| policymanager.dll | 0x7ffc4f990000 | 0x7ffc4f9c8fff | Memory Mapped File | rwx |
|
|
|
- |
| xmllite.dll | 0x7ffc4fb00000 | 0x7ffc4fb35fff | Memory Mapped File | rwx |
|
|
|
- |
| wintypes.dll | 0x7ffc50c00000 | 0x7ffc50d30fff | Memory Mapped File | rwx |
|
|
|
- |
| usermgrproxy.dll | 0x7ffc50d40000 | 0x7ffc50d7dfff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x7ffc511b0000 | 0x7ffc51332fff | Memory Mapped File | rwx |
|
|
|
- |
| mmdevapi.dll | 0x7ffc51340000 | 0x7ffc513b1fff | Memory Mapped File | rwx |
|
|
|
- |
| usermgrcli.dll | 0x7ffc51410000 | 0x7ffc5141ffff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x7ffc525f0000 | 0x7ffc52611fff | Memory Mapped File | rwx |
|
|
|
- |
| coremessaging.dll | 0x7ffc52730000 | 0x7ffc527f7fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7ffc52ef0000 | 0x7ffc52f16fff | Memory Mapped File | rwx |
|
|
|
- |
| twinapi.appcore.dll | 0x7ffc52f40000 | 0x7ffc5302dfff | Memory Mapped File | rwx |
|
|
|
- |
| rmclient.dll | 0x7ffc531b0000 | 0x7ffc531d7fff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x7ffc53810000 | 0x7ffc5382bfff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x7ffc53920000 | 0x7ffc53951fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7ffc53b80000 | 0x7ffc53b9efff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x7ffc545f0000 | 0x7ffc54600fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x7ffc54db0000 | 0x7ffc54f70fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #2: c:\users\public\mksmd.exe | 0x6b4 | address = 0x7ff6d3e70000, size = 3760128 |
|
1 | |
| Create Remote Thread | #2: c:\users\public\mksmd.exe | 0x6b4 | address = 0x7ff6d3e72870 |
|
1 |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\users\Public\sys | 0.00 KB |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 SSDeep: 3:: |
|
|
Threads
Thread 0xc34
86
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x7ffc55800000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address_out = 0x7ffc55822080 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x7ffc53810000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x7ffc57aa0000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7ffc57750000 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x7ffc559d0000 |
|
1 | |
| Module | Load | module_name = Iphlpapi.dll, base_address = 0x7ffc51c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address_out = 0x7ffc55816060 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualFree, address_out = 0x7ffc5581bc10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptExportKey, address_out = 0x7ffc57ab7b50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DeleteFileW, address_out = 0x7ffc558257a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetDriveTypeW, address_out = 0x7ffc558258f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineW, address_out = 0x7ffc55820150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStartupInfoW, address_out = 0x7ffc5581ed80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindNextFileW, address_out = 0x7ffc55825880 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address_out = 0x7ffc5581baf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7ffc57acec40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ExitProcess, address_out = 0x7ffc5581ef50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x7ffc558436a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessA, address_out = 0x7ffc5581d5b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\iphlpapi.dll, function = GetIpNetTable, address_out = 0x7ffc51c6f0b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetVersionExW, address_out = 0x7ffc5581aa30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x7ffc55843690 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemDefaultLangID, address_out = 0x7ffc55822ba0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameW, address_out = 0x7ffc57abda40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ReadFile, address_out = 0x7ffc55825a90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7ffc57ab7dd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address_out = 0x7ffc55825510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExW, address_out = 0x7ffc57ab7850 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7ffc57ab72e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileA, address_out = 0x7ffc5583e430 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesW, address_out = 0x7ffc55825b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WinExec, address_out = 0x7ffc55841e60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDeriveKey, address_out = 0x7ffc57ad07a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptGenKey, address_out = 0x7ffc57abcab0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address_out = 0x7ffc55818f00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcess, address_out = 0x7ffc55816580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteW, address_out = 0x7ffc55b1abc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSize, address_out = 0x7ffc55825950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GlobalAlloc, address_out = 0x7ffc5581b810 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindClose, address_out = 0x7ffc558257c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x7ffc558256e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameA, address_out = 0x7ffc55820c70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteA, address_out = 0x7ffc55bd7de0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleA, address_out = 0x7ffc5581e6d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameW, address_out = 0x7ffc5581eca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileA, address_out = 0x7ffc55825760 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSizeEx, address_out = 0x7ffc55825960 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteFile, address_out = 0x7ffc55825b80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalDrives, address_out = 0x7ffc558166d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetEnumResourceW, address_out = 0x7ffc538127d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7ffc57ab6cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetCloseEnum, address_out = 0x7ffc53812e20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetWindowsDirectoryW, address_out = 0x7ffc55822940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesA, address_out = 0x7ffc55825af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExA, address_out = 0x7ffc57ab7d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointer, address_out = 0x7ffc55825b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount, address_out = 0x7ffc558160a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesW, address_out = 0x7ffc55825930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindFirstFileW, address_out = 0x7ffc55825840 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7ffc57ab89e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = MoveFileExW, address_out = 0x7ffc55823010 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetOpenEnumW, address_out = 0x7ffc53812f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitialize, address_out = 0x7ffc57763870 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDecrypt, address_out = 0x7ffc57ab9140 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptImportKey, address_out = 0x7ffc57ab7b40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointerEx, address_out = 0x7ffc55825b30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileW, address_out = 0x7ffc55825d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address_out = 0x7ffc5581eb90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessW, address_out = 0x7ffc5581dee0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateDirectoryW, address_out = 0x7ffc55825740 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x7ffc5581bc20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDestroyKey, address_out = 0x7ffc57ab86b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address_out = 0x7ffc57257000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileW, address_out = 0x7ffc55825770 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesA, address_out = 0x7ffc55825900 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptEncrypt, address_out = 0x7ffc57abd7e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegDeleteValueW, address_out = 0x7ffc57ab90b0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| User | Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
Process #4: net.exe
0
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "spooler" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:02, Reason: Child Process |
| Unmonitor | End Time: 00:02:14, Reason: Self Terminated |
| Monitor Duration | 00:00:12 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc94 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C80
0x
C40
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000fe8d9e0000 | 0xfe8d9e0000 | 0xfe8d9fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000fe8d9e0000 | 0xfe8d9e0000 | 0xfe8d9effff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000fe8da00000 | 0xfe8da00000 | 0xfe8da13fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000fe8da20000 | 0xfe8da20000 | 0xfe8da9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000fe8daa0000 | 0xfe8daa0000 | 0xfe8daa3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000fe8dab0000 | 0xfe8dab0000 | 0xfe8dab0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000fe8dac0000 | 0xfe8dac0000 | 0xfe8dac1fff | Private Memory | rw |
|
|
|
- |
| private_0x000000fe8db10000 | 0xfe8db10000 | 0xfe8dc0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffe60000 | 0x7df5ffe60000 | 0x7ff5ffe5ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705e70000 | 0x7ff705e70000 | 0x7ff705f6ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705f70000 | 0x7ff705f70000 | 0x7ff705f92fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff705f96000 | 0x7ff705f96000 | 0x7ff705f96fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff705f9e000 | 0x7ff705f9e000 | 0x7ff705f9ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #5: taskhostw.exe
91
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\taskhostw.exe |
| Command Line | taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E} |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:03, Reason: Injection |
| Unmonitor | End Time: 00:02:35, Reason: Crashed |
| Monitor Duration | 00:00:32 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x77c |
| Parent PID | 0x324 (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
4F0
0x
82C
0x
B7C
0x
AB0
0x
A2C
0x
940
0x
93C
0x
938
0x
934
0x
7B4
0x
780
0x
C90
0x
C98
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000a699760000 | 0xa699760000 | 0xa69976ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000a699770000 | 0xa699770000 | 0xa699776fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a699780000 | 0xa699780000 | 0xa699793fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a6997a0000 | 0xa6997a0000 | 0xa69981ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a699820000 | 0xa699820000 | 0xa699823fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000a699830000 | 0xa699830000 | 0xa699830fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a699840000 | 0xa699840000 | 0xa699841fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a699850000 | 0xa699850000 | 0xa699856fff | Private Memory | rw |
|
|
|
- |
| taskhostw.exe.mui | 0xa699860000 | 0xa699860fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a699870000 | 0xa699870000 | 0xa699870fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a699880000 | 0xa699880000 | 0xa699880fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a699890000 | 0xa699890000 | 0xa699893fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000a6998a0000 | 0xa6998a0000 | 0xa6998a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a6998b0000 | 0xa6998b0000 | 0xa6999affff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xa6999b0000 | 0xa699a6dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a699a70000 | 0xa699a70000 | 0xa699aeffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a699af0000 | 0xa699af0000 | 0xa699b6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a699b70000 | 0xa699b70000 | 0xa699c27fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a699c30000 | 0xa699c30000 | 0xa699c3ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a699c40000 | 0xa699c40000 | 0xa699c40fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000a699c50000 | 0xa699c50000 | 0xa699c50fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000a699c60000 | 0xa699c60000 | 0xa699c60fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a699c70000 | 0xa699c70000 | 0xa699c7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a699c80000 | 0xa699c80000 | 0xa699e07fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000a699e10000 | 0xa699e10000 | 0xa699f90fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000a699fa0000 | 0xa699fa0000 | 0xa69b39ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a69b3a0000 | 0xa69b3a0000 | 0xa69b41ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69b420000 | 0xa69b420000 | 0xa69b420fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a69b430000 | 0xa69b430000 | 0xa69b43ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69b440000 | 0xa69b440000 | 0xa69b44ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69b450000 | 0xa69b450000 | 0xa69b45ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69b460000 | 0xa69b460000 | 0xa69b46ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69b470000 | 0xa69b470000 | 0xa69b47ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69b480000 | 0xa69b480000 | 0xa69b48ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000a69b490000 | 0xa69b490000 | 0xa69b497fff | Private Memory | rw |
|
|
|
- |
| winmm.dll.mui | 0xa69b4a0000 | 0xa69b4a5fff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa69b4b0000 | 0xa69b4bffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa69b4c0000 | 0xa69b4cffff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000a69b4d0000 | 0xa69b4d0000 | 0xa69b4dffff | Pagefile Backed Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa69b4e0000 | 0xa69b4effff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa69b4f0000 | 0xa69b4fffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa69b500000 | 0xa69b50ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa69b510000 | 0xa69b51ffff | Memory Mapped File | r |
|
|
|
- |
| sortdefault.nls | 0xa69b520000 | 0xa69b856fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a69b860000 | 0xa69b860000 | 0xa69b8dffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69b8e0000 | 0xa69b8e0000 | 0xa69b95ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69b960000 | 0xa69b960000 | 0xa69ba5ffff | Private Memory | rw |
|
|
|
- |
| msctfmonitor.dll.mui | 0xa69ba60000 | 0xa69ba60fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a69ba70000 | 0xa69ba70000 | 0xa69baeffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a69baf0000 | 0xa69baf0000 | 0xa69baf0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000a69bb00000 | 0xa69bb00000 | 0xa69bb06fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a69bb10000 | 0xa69bb10000 | 0xa69bb1ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69bb20000 | 0xa69bb20000 | 0xa69bb2ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69bb30000 | 0xa69bb30000 | 0xa69bb3ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69bb40000 | 0xa69bb40000 | 0xa69bb4ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69bb50000 | 0xa69bb50000 | 0xa69bb5ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a69bb60000 | 0xa69bb60000 | 0xa69bb6ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000a69bb70000 | 0xa69bb70000 | 0xa69cb6ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69cb70000 | 0xa69cb70000 | 0xa69cb70fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69cb80000 | 0xa69cb80000 | 0xa69cb80fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69cb90000 | 0xa69cb90000 | 0xa69cb93fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69cba0000 | 0xa69cba0000 | 0xa69cba1fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69cbb0000 | 0xa69cbb0000 | 0xa69cbb0fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69cbc0000 | 0xa69cbc0000 | 0xa69cc4ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a69cc50000 | 0xa69cc50000 | 0xa6a0c4ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a6a0c50000 | 0xa6a0c50000 | 0xa6a4c4ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a6a4c50000 | 0xa6a4c50000 | 0xa6a4c57fff | Private Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa6a4c60000 | 0xa6a4c6ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4c70000 | 0xa6a4c7ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4c80000 | 0xa6a4c8ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4c90000 | 0xa6a4c9ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4ca0000 | 0xa6a4caffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4cb0000 | 0xa6a4cbffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4cc0000 | 0xa6a4ccffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4cd0000 | 0xa6a4cdffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4ce0000 | 0xa6a4ceffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4cf0000 | 0xa6a4cfffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4d00000 | 0xa6a4d0ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4d10000 | 0xa6a4d1ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4d20000 | 0xa6a4d2ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4d30000 | 0xa6a4d3ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4d40000 | 0xa6a4d4ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4d50000 | 0xa6a4d5ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a6a4d60000 | 0xa6a4d60000 | 0xa6a4ddffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a6a4de0000 | 0xa6a4de0000 | 0xa6a4de7fff | Private Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa6a4df0000 | 0xa6a4dfffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4e00000 | 0xa6a4e0ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4e10000 | 0xa6a4e1ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4e20000 | 0xa6a4e2ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4e30000 | 0xa6a4e3ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4e40000 | 0xa6a4e4ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a6a4e50000 | 0xa6a4e50000 | 0xa6a4e57fff | Private Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa6a4e60000 | 0xa6a4e6ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4e70000 | 0xa6a4e7ffff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000a6a4e80000 | 0xa6a4e80000 | 0xa6a4e8ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa6a4e90000 | 0xa6a4e9ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4ea0000 | 0xa6a4eaffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4eb0000 | 0xa6a4ebffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4ec0000 | 0xa6a4ecffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4ed0000 | 0xa6a4edffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a6a4ee0000 | 0xa6a4ee0000 | 0xa6a4f5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a6a4f60000 | 0xa6a4f60000 | 0xa6a4f6ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa6a4f70000 | 0xa6a4f7ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4f80000 | 0xa6a4f8ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4f90000 | 0xa6a4f9ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a4fa0000 | 0xa6a4faffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a6a4fb0000 | 0xa6a4fb0000 | 0xa6a502ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a6a5030000 | 0xa6a5030000 | 0xa6a50affff | Private Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa6a50b0000 | 0xa6a50bffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a50c0000 | 0xa6a50cffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a50d0000 | 0xa6a50dffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a50e0000 | 0xa6a50effff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a50f0000 | 0xa6a50fffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5100000 | 0xa6a510ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5110000 | 0xa6a511ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5120000 | 0xa6a512ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a6a5130000 | 0xa6a5130000 | 0xa6a522ffff | Private Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa6a5230000 | 0xa6a523ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5240000 | 0xa6a524ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5250000 | 0xa6a525ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5260000 | 0xa6a526ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5270000 | 0xa6a527ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5280000 | 0xa6a528ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5290000 | 0xa6a529ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a52a0000 | 0xa6a52affff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a52b0000 | 0xa6a52bffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a52c0000 | 0xa6a52cffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a52d0000 | 0xa6a52dffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a52e0000 | 0xa6a52effff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a52f0000 | 0xa6a52fffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5300000 | 0xa6a530ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5310000 | 0xa6a531ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5320000 | 0xa6a532ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5330000 | 0xa6a533ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5340000 | 0xa6a534ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5350000 | 0xa6a535ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5360000 | 0xa6a536ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5370000 | 0xa6a537ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5380000 | 0xa6a538ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5390000 | 0xa6a539ffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a53a0000 | 0xa6a53affff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a53b0000 | 0xa6a53bffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a53c0000 | 0xa6a53cffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a53d0000 | 0xa6a53dffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a53e0000 | 0xa6a53effff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a53f0000 | 0xa6a53fffff | Memory Mapped File | r |
|
|
|
- |
| webcachev01.dat | 0xa6a5400000 | 0xa6a540ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a6a5410000 | 0xa6a5410000 | 0xa6a5417fff | Private Memory | rw |
|
|
|
- |
| webcachev01.dat | 0xa6a5420000 | 0xa6a542ffff | Memory Mapped File | r |
|
|
|
- |
|
For performance reasons, the remaining 68 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #2: c:\users\public\mksmd.exe | 0x6b4 | address = 0x7ff6d3e70000, size = 3760128 |
|
1 | |
| Create Remote Thread | #2: c:\users\public\mksmd.exe | 0x6b4 | address = 0x7ff6d3e72870 |
|
1 |
Threads
Thread 0xc90
91
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x7ffc55800000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LoadLibraryA, address_out = 0x7ffc55822080 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x7ffc53810000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x7ffc57aa0000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7ffc57750000 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x7ffc559d0000 |
|
1 | |
| Module | Load | module_name = Iphlpapi.dll, base_address = 0x7ffc51c50000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetLastError, address_out = 0x7ffc55816060 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VirtualFree, address_out = 0x7ffc5581bc10 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptExportKey, address_out = 0x7ffc57ab7b50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DeleteFileW, address_out = 0x7ffc558257a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetDriveTypeW, address_out = 0x7ffc558258f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCommandLineW, address_out = 0x7ffc55820150 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetStartupInfoW, address_out = 0x7ffc5581ed80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindNextFileW, address_out = 0x7ffc55825880 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VirtualAlloc, address_out = 0x7ffc5581baf0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetUserNameA, address_out = 0x7ffc57acec40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ExitProcess, address_out = 0x7ffc5581ef50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Wow64RevertWow64FsRedirection, address_out = 0x7ffc558436a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateProcessA, address_out = 0x7ffc5581d5b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetIpNetTable, address_out = 0x7ffc51c6f0b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetVersionExW, address_out = 0x7ffc5581aa30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Wow64DisableWow64FsRedirection, address_out = 0x7ffc55843690 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetSystemDefaultLangID, address_out = 0x7ffc55822ba0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetUserNameW, address_out = 0x7ffc57abda40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ReadFile, address_out = 0x7ffc55825a90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegQueryValueExA, address_out = 0x7ffc57ab7dd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CloseHandle, address_out = 0x7ffc55825510 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegSetValueExW, address_out = 0x7ffc57ab7850 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegCloseKey, address_out = 0x7ffc57ab72e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CopyFileA, address_out = 0x7ffc5583e430 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFileAttributesW, address_out = 0x7ffc55825b00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinExec, address_out = 0x7ffc55841e60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptDeriveKey, address_out = 0x7ffc57ad07a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptGenKey, address_out = 0x7ffc57abcab0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Sleep, address_out = 0x7ffc55818f00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCurrentProcess, address_out = 0x7ffc55816580 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ShellExecuteW, address_out = 0x7ffc55b1abc0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileSize, address_out = 0x7ffc55825950 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GlobalAlloc, address_out = 0x7ffc5581b810 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindClose, address_out = 0x7ffc558257c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WaitForMultipleObjects, address_out = 0x7ffc558256e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleFileNameA, address_out = 0x7ffc55820c70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ShellExecuteA, address_out = 0x7ffc55bd7de0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleHandleA, address_out = 0x7ffc5581e6d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleFileNameW, address_out = 0x7ffc5581eca0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateFileA, address_out = 0x7ffc55825760 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileSizeEx, address_out = 0x7ffc55825960 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WriteFile, address_out = 0x7ffc55825b80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetLogicalDrives, address_out = 0x7ffc558166d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WNetEnumResourceW, address_out = 0x7ffc538127d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegOpenKeyExW, address_out = 0x7ffc57ab6cb0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WNetCloseEnum, address_out = 0x7ffc53812e20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetWindowsDirectoryW, address_out = 0x7ffc55822940 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFileAttributesA, address_out = 0x7ffc55825af0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegOpenKeyExA, address_out = 0x7ffc57ab7d70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFilePointer, address_out = 0x7ffc55825b20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetTickCount, address_out = 0x7ffc558160a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileAttributesW, address_out = 0x7ffc55825930 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindFirstFileW, address_out = 0x7ffc55825840 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptAcquireContextW, address_out = 0x7ffc57ab89e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MoveFileExW, address_out = 0x7ffc55823010 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WNetOpenEnumW, address_out = 0x7ffc53812f20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoInitialize, address_out = 0x7ffc57763870 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptDecrypt, address_out = 0x7ffc57ab9140 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptImportKey, address_out = 0x7ffc57ab7b40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFilePointerEx, address_out = 0x7ffc55825b30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CopyFileW, address_out = 0x7ffc55825d70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FreeLibrary, address_out = 0x7ffc5581eb90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateProcessW, address_out = 0x7ffc5581dee0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateDirectoryW, address_out = 0x7ffc55825740 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateThread, address_out = 0x7ffc5581bc20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptDestroyKey, address_out = 0x7ffc57ab86b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoCreateInstance, address_out = 0x7ffc57257000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateFileW, address_out = 0x7ffc55825770 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileAttributesA, address_out = 0x7ffc55825900 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptEncrypt, address_out = 0x7ffc57abd7e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegDeleteValueW, address_out = 0x7ffc57ab90b0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| User | Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
Process #6: net.exe
0
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:03, Reason: Child Process |
| Unmonitor | End Time: 00:02:16, Reason: Self Terminated |
| Monitor Duration | 00:00:13 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd48 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D4C
0x
D64
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000058906a0000 | 0x58906a0000 | 0x58906bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000058906a0000 | 0x58906a0000 | 0x58906affff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000058906b0000 | 0x58906b0000 | 0x58906b6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000058906c0000 | 0x58906c0000 | 0x58906d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000058906e0000 | 0x58906e0000 | 0x589075ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005890760000 | 0x5890760000 | 0x5890763fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000005890770000 | 0x5890770000 | 0x5890770fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000005890780000 | 0x5890780000 | 0x5890781fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x5890790000 | 0x589084dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000005890850000 | 0x5890850000 | 0x58908cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000058908d0000 | 0x58908d0000 | 0x58908d6fff | Private Memory | rw |
|
|
|
- |
| private_0x0000005890930000 | 0x5890930000 | 0x5890a2ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000005890af0000 | 0x5890af0000 | 0x5890afffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff110000 | 0x7df5ff110000 | 0x7ff5ff10ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705dd0000 | 0x7ff705dd0000 | 0x7ff705ecffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705ed0000 | 0x7ff705ed0000 | 0x7ff705ef2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff705efa000 | 0x7ff705efa000 | 0x7ff705efbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff705efc000 | 0x7ff705efc000 | 0x7ff705efdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff705efe000 | 0x7ff705efe000 | 0x7ff705efefff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc466b0000 | 0x7ffc466c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x7ffc53810000 | 0x7ffc5382bfff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #9: runtimebroker.exe
94
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\windows\system32\runtimebroker.exe |
| Command Line | C:\Windows\System32\RuntimeBroker.exe -Embedding |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:04, Reason: Injection |
| Unmonitor | End Time: 00:02:48, Reason: Crashed |
| Monitor Duration | 00:00:44 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7f8 |
| Parent PID | 0x23c (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
CA0
0x
C60
0x
C30
0x
FEC
0x
A1C
0x
854
0x
83C
0x
808
0x
11C
0x
D0
0x
CC0
0x
D68
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| pagefile_0x0000003cd1d40000 | 0x3cd1d40000 | 0x3cd1d4ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000003cd1d50000 | 0x3cd1d50000 | 0x3cd1d50fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003cd1d60000 | 0x3cd1d60000 | 0x3cd1d73fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000003cd1d80000 | 0x3cd1d80000 | 0x3cd1dfffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003cd1e00000 | 0x3cd1e00000 | 0x3cd1e03fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000003cd1e10000 | 0x3cd1e10000 | 0x3cd1e11fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000003cd1e20000 | 0x3cd1e20000 | 0x3cd1e21fff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd1e30000 | 0x3cd1e30000 | 0x3cd1e36fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x3cd1e40000 | 0x3cd1efdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000003cd1f00000 | 0x3cd1f00000 | 0x3cd1ffffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd2000000 | 0x3cd2000000 | 0x3cd207ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd2080000 | 0x3cd2080000 | 0x3cd20fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd2100000 | 0x3cd2100000 | 0x3cd2100fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003cd2110000 | 0x3cd2110000 | 0x3cd2110fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000003cd2120000 | 0x3cd2120000 | 0x3cd219ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003cd21a0000 | 0x3cd21a0000 | 0x3cd21a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000003cd21b0000 | 0x3cd21b0000 | 0x3cd21d9fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000003cd21e0000 | 0x3cd21e0000 | 0x3cd21e2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000003cd21f0000 | 0x3cd21f0000 | 0x3cd21f6fff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd2200000 | 0x3cd2200000 | 0x3cd2206fff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd2210000 | 0x3cd2210000 | 0x3cd228ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003cd2290000 | 0x3cd2290000 | 0x3cd2290fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000003cd22a0000 | 0x3cd22a0000 | 0x3cd22a0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| windows.storage.dll.mui | 0x3cd22b0000 | 0x3cd22b7fff | Memory Mapped File | r |
|
|
|
- |
| cversions.2.db | 0x3cd22c0000 | 0x3cd22c3fff | Memory Mapped File | r |
|
|
|
- |
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db | 0x3cd22d0000 | 0x3cd22e2fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000003cd22f0000 | 0x3cd22f0000 | 0x3cd22f0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000003cd2300000 | 0x3cd2300000 | 0x3cd23fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003cd2400000 | 0x3cd2400000 | 0x3cd2587fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000003cd2590000 | 0x3cd2590000 | 0x3cd2710fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000003cd2720000 | 0x3cd2720000 | 0x3cd3b1ffff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x3cd3b20000 | 0x3cd3e56fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000003cd3e60000 | 0x3cd3e60000 | 0x3cd3edffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd3ee0000 | 0x3cd3ee0000 | 0x3cd3f5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd3f60000 | 0x3cd3f60000 | 0x3cd3fdffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd3fe0000 | 0x3cd3fe0000 | 0x3cd40dffff | Private Memory | rw |
|
|
|
- |
| cversions.2.db | 0x3cd40e0000 | 0x3cd40e3fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000003cd4100000 | 0x3cd4100000 | 0x3cd41fffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x3cd4200000 | 0x3cd42defff | Memory Mapped File | r |
|
|
|
- |
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000013.db | 0x3cd42e0000 | 0x3cd4322fff | Memory Mapped File | r |
|
|
|
- |
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db | 0x3cd4330000 | 0x3cd43bafff | Memory Mapped File | r |
|
|
|
- |
| propsys.dll.mui | 0x3cd43c0000 | 0x3cd43d0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000003cd43e0000 | 0x3cd43e0000 | 0x3cd445ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd4460000 | 0x3cd4460000 | 0x3cd44dffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd44e0000 | 0x3cd44e0000 | 0x3cd455ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000003cd4560000 | 0x3cd4560000 | 0x3cd45dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffbe0000 | 0x7df5ffbe0000 | 0x7ff5ffbdffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff609b82000 | 0x7ff609b82000 | 0x7ff609b83fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609b84000 | 0x7ff609b84000 | 0x7ff609b85fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609b86000 | 0x7ff609b86000 | 0x7ff609b87fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609b88000 | 0x7ff609b88000 | 0x7ff609b89fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609b8a000 | 0x7ff609b8a000 | 0x7ff609b8bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609b8c000 | 0x7ff609b8c000 | 0x7ff609b8dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609b8e000 | 0x7ff609b8e000 | 0x7ff609b8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff609b90000 | 0x7ff609b90000 | 0x7ff609c8ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff609c90000 | 0x7ff609c90000 | 0x7ff609cb2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff609cb4000 | 0x7ff609cb4000 | 0x7ff609cb5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609cb6000 | 0x7ff609cb6000 | 0x7ff609cb7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609cb8000 | 0x7ff609cb8000 | 0x7ff609cb9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609cba000 | 0x7ff609cba000 | 0x7ff609cbbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609cbc000 | 0x7ff609cbc000 | 0x7ff609cbdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff609cbe000 | 0x7ff609cbe000 | 0x7ff609cbefff | Private Memory | rw |
|
|
|
- |
| runtimebroker.exe | 0x7ff60a170000 | 0x7ff60a185fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff6d3e70000 | 0x7ff6d3e70000 | 0x7ff6d4205fff | Private Memory | rwx |
|
|
|
- |
| ntoskrnl.exe | 0x7ff6efa30000 | 0x7ff6f0281fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.search.dll | 0x7ffc3ed00000 | 0x7ffc3edcafff | Memory Mapped File | rwx |
|
|
|
- |
| structuredquery.dll | 0x7ffc3edd0000 | 0x7ffc3ee86fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.networking.hostname.dll | 0x7ffc42260000 | 0x7ffc42297fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.internal.shell.broker.dll | 0x7ffc44180000 | 0x7ffc44211fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.networking.connectivity.dll | 0x7ffc469c0000 | 0x7ffc46a6bfff | Memory Mapped File | rwx |
|
|
|
- |
| wwapi.dll | 0x7ffc46cf0000 | 0x7ffc46d05fff | Memory Mapped File | rwx |
|
|
|
- |
| tokenbroker.dll | 0x7ffc486a0000 | 0x7ffc48765fff | Memory Mapped File | rwx |
|
|
|
- |
| edputil.dll | 0x7ffc48f90000 | 0x7ffc48fbefff | Memory Mapped File | rwx |
|
|
|
- |
| actxprxy.dll | 0x7ffc48ff0000 | 0x7ffc49459fff | Memory Mapped File | rwx |
|
|
|
- |
| execmodelclient.dll | 0x7ffc4b030000 | 0x7ffc4b072fff | Memory Mapped File | rwx |
|
|
|
- |
| npmproxy.dll | 0x7ffc4b090000 | 0x7ffc4b09dfff | Memory Mapped File | rwx |
|
|
|
- |
| wlanapi.dll | 0x7ffc4b170000 | 0x7ffc4b1cefff | Memory Mapped File | rwx |
|
|
|
- |
| netprofm.dll | 0x7ffc4c220000 | 0x7ffc4c25efff | Memory Mapped File | rwx |
|
|
|
- |
| idstore.dll | 0x7ffc4cf00000 | 0x7ffc4cf26fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.ui.immersive.dll | 0x7ffc4dc10000 | 0x7ffc4ddc6fff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x7ffc4ddd0000 | 0x7ffc4e145fff | Memory Mapped File | rwx |
|
|
|
- |
| mrmcorer.dll | 0x7ffc4f1f0000 | 0x7ffc4f2fefff | Memory Mapped File | rwx |
|
|
|
- |
| msvcp110_win.dll | 0x7ffc4f8f0000 | 0x7ffc4f981fff | Memory Mapped File | rwx |
|
|
|
- |
| policymanager.dll | 0x7ffc4f990000 | 0x7ffc4f9c8fff | Memory Mapped File | rwx |
|
|
|
- |
| xmllite.dll | 0x7ffc4fb00000 | 0x7ffc4fb35fff | Memory Mapped File | rwx |
|
|
|
- |
| samlib.dll | 0x7ffc50bd0000 | 0x7ffc50bebfff | Memory Mapped File | rwx |
|
|
|
- |
| wintypes.dll | 0x7ffc50c00000 | 0x7ffc50d30fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x7ffc511b0000 | 0x7ffc51332fff | Memory Mapped File | rwx |
|
|
|
- |
| mmdevapi.dll | 0x7ffc51340000 | 0x7ffc513b1fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| wtsapi32.dll | 0x7ffc52640000 | 0x7ffc52652fff | Memory Mapped File | rwx |
|
|
|
- |
| coremessaging.dll | 0x7ffc52730000 | 0x7ffc527f7fff | Memory Mapped File | rwx |
|
|
|
- |
| sppc.dll | 0x7ffc52bd0000 | 0x7ffc52bf4fff | Memory Mapped File | rwx |
|
|
|
- |
| slc.dll | 0x7ffc52c00000 | 0x7ffc52c25fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7ffc52ef0000 | 0x7ffc52f16fff | Memory Mapped File | rwx |
|
|
|
- |
| twinapi.appcore.dll | 0x7ffc52f40000 | 0x7ffc5302dfff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x7ffc53810000 | 0x7ffc5382bfff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7ffc53b80000 | 0x7ffc53b9efff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| sxs.dll | 0x7ffc54440000 | 0x7ffc544d7fff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x7ffc545f0000 | 0x7ffc54600fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x7ffc54db0000 | 0x7ffc54f70fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #2: c:\users\public\mksmd.exe | 0x6b4 | address = 0x7ff6d3e70000, size = 3760128 |
|
1 | |
| Create Remote Thread | #2: c:\users\public\mksmd.exe | 0x6b4 | address = 0x7ff6d3e72870 |
|
1 |
Threads
Thread 0xd0
94
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x7ffc55800000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address_out = 0x7ffc55822080 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x7ffc53810000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x7ffc57aa0000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7ffc57750000 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x7ffc559d0000 |
|
1 | |
| Module | Load | module_name = Iphlpapi.dll, base_address = 0x7ffc51c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address_out = 0x7ffc55816060 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualFree, address_out = 0x7ffc5581bc10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptExportKey, address_out = 0x7ffc57ab7b50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DeleteFileW, address_out = 0x7ffc558257a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetDriveTypeW, address_out = 0x7ffc558258f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineW, address_out = 0x7ffc55820150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStartupInfoW, address_out = 0x7ffc5581ed80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindNextFileW, address_out = 0x7ffc55825880 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address_out = 0x7ffc5581baf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7ffc57acec40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ExitProcess, address_out = 0x7ffc5581ef50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x7ffc558436a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessA, address_out = 0x7ffc5581d5b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\iphlpapi.dll, function = GetIpNetTable, address_out = 0x7ffc51c6f0b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetVersionExW, address_out = 0x7ffc5581aa30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x7ffc55843690 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemDefaultLangID, address_out = 0x7ffc55822ba0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameW, address_out = 0x7ffc57abda40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ReadFile, address_out = 0x7ffc55825a90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7ffc57ab7dd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address_out = 0x7ffc55825510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExW, address_out = 0x7ffc57ab7850 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7ffc57ab72e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileA, address_out = 0x7ffc5583e430 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesW, address_out = 0x7ffc55825b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WinExec, address_out = 0x7ffc55841e60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDeriveKey, address_out = 0x7ffc57ad07a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptGenKey, address_out = 0x7ffc57abcab0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address_out = 0x7ffc55818f00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcess, address_out = 0x7ffc55816580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteW, address_out = 0x7ffc55b1abc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSize, address_out = 0x7ffc55825950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GlobalAlloc, address_out = 0x7ffc5581b810 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindClose, address_out = 0x7ffc558257c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x7ffc558256e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameA, address_out = 0x7ffc55820c70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteA, address_out = 0x7ffc55bd7de0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleA, address_out = 0x7ffc5581e6d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameW, address_out = 0x7ffc5581eca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileA, address_out = 0x7ffc55825760 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSizeEx, address_out = 0x7ffc55825960 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteFile, address_out = 0x7ffc55825b80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalDrives, address_out = 0x7ffc558166d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetEnumResourceW, address_out = 0x7ffc538127d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7ffc57ab6cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetCloseEnum, address_out = 0x7ffc53812e20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetWindowsDirectoryW, address_out = 0x7ffc55822940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesA, address_out = 0x7ffc55825af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExA, address_out = 0x7ffc57ab7d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointer, address_out = 0x7ffc55825b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount, address_out = 0x7ffc558160a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesW, address_out = 0x7ffc55825930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindFirstFileW, address_out = 0x7ffc55825840 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7ffc57ab89e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = MoveFileExW, address_out = 0x7ffc55823010 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetOpenEnumW, address_out = 0x7ffc53812f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitialize, address_out = 0x7ffc57763870 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDecrypt, address_out = 0x7ffc57ab9140 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptImportKey, address_out = 0x7ffc57ab7b40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointerEx, address_out = 0x7ffc55825b30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileW, address_out = 0x7ffc55825d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address_out = 0x7ffc5581eb90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessW, address_out = 0x7ffc5581dee0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateDirectoryW, address_out = 0x7ffc55825740 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x7ffc5581bc20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDestroyKey, address_out = 0x7ffc57ab86b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address_out = 0x7ffc57257000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileW, address_out = 0x7ffc55825770 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesA, address_out = 0x7ffc55825900 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptEncrypt, address_out = 0x7ffc57abd7e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegDeleteValueW, address_out = 0x7ffc57ab90b0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| User | Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
Process #10: net.exe
0
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:04, Reason: Child Process |
| Unmonitor | End Time: 00:02:10, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd34 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D58
0x
C5C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000b25c150000 | 0xb25c150000 | 0xb25c16ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b25c150000 | 0xb25c150000 | 0xb25c15ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000b25c170000 | 0xb25c170000 | 0xb25c183fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b25c190000 | 0xb25c190000 | 0xb25c20ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b25c210000 | 0xb25c210000 | 0xb25c213fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000b25c220000 | 0xb25c220000 | 0xb25c220fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b25c230000 | 0xb25c230000 | 0xb25c231fff | Private Memory | rw |
|
|
|
- |
| private_0x000000b25c300000 | 0xb25c300000 | 0xb25c3fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff150000 | 0x7df5ff150000 | 0x7ff5ff14ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705d40000 | 0x7ff705d40000 | 0x7ff705e3ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705e40000 | 0x7ff705e40000 | 0x7ff705e62fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff705e6d000 | 0x7ff705e6d000 | 0x7ff705e6efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff705e6f000 | 0x7ff705e6f000 | 0x7ff705e6ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #12: shellexperiencehost.exe
86
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe |
| Command Line | "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca |
| Initial Working Directory | C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ |
| Monitor | Start Time: 00:02:06, Reason: Injection |
| Unmonitor | End Time: 00:03:00, Reason: Crashed |
| Monitor Duration | 00:00:54 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x980 |
| Parent PID | 0x23c (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Low |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
D30
0x
2C8
0x
B84
0x
C54
0x
C08
0x
C20
0x
C10
0x
2E0
0x
BFC
0x
BF4
0x
BF0
0x
BEC
0x
BE8
0x
BE4
0x
BE0
0x
BDC
0x
BD8
0x
BD4
0x
BD0
0x
BCC
0x
BC8
0x
BC4
0x
BC0
0x
BBC
0x
BB8
0x
BB4
0x
BB0
0x
BA0
0x
B9C
0x
B98
0x
B94
0x
B34
0x
B1C
0x
B0C
0x
9D0
0x
9C8
0x
9C4
0x
9C0
0x
9BC
0x
9B0
0x
9AC
0x
9A8
0x
9A4
0x
9A0
0x
99C
0x
998
0x
994
0x
990
0x
984
0x
CB4
0x
D6C
0x
D70
0x
C68
0x
C6C
0x
A90
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000da54c90000 | 0xda54c90000 | 0xda54c9ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da54ca0000 | 0xda54ca0000 | 0xda54ca0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da54cb0000 | 0xda54cb0000 | 0xda54cc3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000da54cd0000 | 0xda54cd0000 | 0xda54dcffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da54dd0000 | 0xda54dd0000 | 0xda54dd3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000da54de0000 | 0xda54de0000 | 0xda54de1fff | Private Memory | rw |
|
|
|
- |
| private_0x000000da54df0000 | 0xda54df0000 | 0xda54df0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da54e00000 | 0xda54e00000 | 0xda54e29fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000da54e30000 | 0xda54e30000 | 0xda54e30fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000da54e40000 | 0xda54e40000 | 0xda54e40fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000da54e50000 | 0xda54e50000 | 0xda54e50fff | Pagefile Backed Memory | rw |
|
|
|
- |
| 2504515037.pri | 0xda54e60000 | 0xda54e6bfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000da54e70000 | 0xda54e70000 | 0xda54e70fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da54e80000 | 0xda54e80000 | 0xda54e86fff | Private Memory | rw |
|
|
|
- |
| private_0x000000da54e90000 | 0xda54e90000 | 0xda54e90fff | Private Memory | rw |
|
|
|
- |
| private_0x000000da54ea0000 | 0xda54ea0000 | 0xda54ea0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da54eb0000 | 0xda54eb0000 | 0xda54eb0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000da54ec0000 | 0xda54ec0000 | 0xda54ec0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| resources.en-us.pri | 0xda54ed0000 | 0xda54edcfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000da54ee0000 | 0xda54ee0000 | 0xda54ee1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| windows.ui.xaml.dll.mui | 0xda54ef0000 | 0xda54ef9fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000da54f00000 | 0xda54f00000 | 0xda54ffffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xda55000000 | 0xda550bdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000da550c0000 | 0xda550c0000 | 0xda551bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da551c0000 | 0xda551c0000 | 0xda55347fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000da55350000 | 0xda55350000 | 0xda5535ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000da55360000 | 0xda55360000 | 0xda5536ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000da55370000 | 0xda55370000 | 0xda5537ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| tilecache_100_0_header.bin | 0xda55380000 | 0xda55382fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x000000da55390000 | 0xda55390000 | 0xda55390fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da553a0000 | 0xda553a0000 | 0xda553a3fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da553b0000 | 0xda553b0000 | 0xda553b6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da553c0000 | 0xda553c0000 | 0xda553f1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da55400000 | 0xda55400000 | 0xda554fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da55500000 | 0xda55500000 | 0xda55680fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000da55690000 | 0xda55690000 | 0xda56a8ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000da56a90000 | 0xda56a90000 | 0xda56b8ffff | Private Memory | rw |
|
|
|
- |
| windows.ui.xaml.resources.dll | 0xda56b90000 | 0xda56cc6fff | Memory Mapped File | r |
|
|
|
- |
| kernelbase.dll.mui | 0xda56cd0000 | 0xda56daefff | Memory Mapped File | r |
|
|
|
- |
| sortdefault.nls | 0xda56db0000 | 0xda570e6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000da570f0000 | 0xda570f0000 | 0xda571effff | Private Memory | rw |
|
|
|
- |
| private_0x000000da571f0000 | 0xda571f0000 | 0xda572effff | Private Memory | rw |
|
|
|
- |
| private_0x000000da572f0000 | 0xda572f0000 | 0xda573effff | Private Memory | rw |
|
|
|
- |
| private_0x000000da573f0000 | 0xda573f0000 | 0xda574effff | Private Memory | rw |
|
|
|
- |
| private_0x000000da574f0000 | 0xda574f0000 | 0xda575effff | Private Memory | rw |
|
|
|
- |
| private_0x000000da575f0000 | 0xda575f0000 | 0xda575f0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da57600000 | 0xda57600000 | 0xda57603fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da57610000 | 0xda57610000 | 0xda57616fff | Private Memory | rw |
|
|
|
- |
| resources.pri | 0xda57620000 | 0xda576f3fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000da57700000 | 0xda57700000 | 0xda577fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da57800000 | 0xda57800000 | 0xda57ffffff | Private Memory | - |
|
|
|
- |
| private_0x000000da58000000 | 0xda58000000 | 0xda580fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58100000 | 0xda58100000 | 0xda581fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58200000 | 0xda58200000 | 0xda582fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58300000 | 0xda58300000 | 0xda583fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58400000 | 0xda58400000 | 0xda584fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58500000 | 0xda58500000 | 0xda585fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58600000 | 0xda58600000 | 0xda586fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58700000 | 0xda58700000 | 0xda587fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58800000 | 0xda58800000 | 0xda588fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58900000 | 0xda58900000 | 0xda589fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58a00000 | 0xda58a00000 | 0xda58afffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58b00000 | 0xda58b00000 | 0xda58bfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58c00000 | 0xda58c00000 | 0xda58cfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58d00000 | 0xda58d00000 | 0xda58dfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58e00000 | 0xda58e00000 | 0xda58efffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da58f00000 | 0xda58f00000 | 0xda58ffffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da59000000 | 0xda59000000 | 0xda590fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da59100000 | 0xda59100000 | 0xda591fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da59200000 | 0xda59200000 | 0xda59200fff | Private Memory | rw |
|
|
|
- |
| private_0x000000da59220000 | 0xda59220000 | 0xda59220fff | Private Memory | rw |
|
|
|
- |
| private_0x000000da59230000 | 0xda59230000 | 0xda59230fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da59240000 | 0xda59240000 | 0xda59243fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da59250000 | 0xda59250000 | 0xda59250fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da59260000 | 0xda59260000 | 0xda59263fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da59270000 | 0xda59270000 | 0xda59276fff | Private Memory | rw |
|
|
|
- |
| ~fontcache-system.dat | 0xda59280000 | 0xda592f5fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000da59300000 | 0xda59300000 | 0xda593fffff | Private Memory | rw |
|
|
|
- |
| segoeui.ttf | 0xda59400000 | 0xda594defff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000da594e0000 | 0xda594e0000 | 0xda594e6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000da594f0000 | 0xda594f0000 | 0xda594f3fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da59500000 | 0xda59500000 | 0xda595fffff | Private Memory | rw |
|
|
|
- |
| ~fontcache-fontface.dat | 0xda59600000 | 0xda5a5fffff | Memory Mapped File | r |
|
|
|
- |
| ~fontcache-s-1-5-21-1462094071-1423818996-289466292-1000.dat | 0xda5a600000 | 0xda5adfffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000da5ae00000 | 0xda5ae00000 | 0xda5aefffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5af00000 | 0xda5af00000 | 0xda5affffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5b000000 | 0xda5b000000 | 0xda5b0fffff | Private Memory | rw |
|
|
|
- |
| tilecache_100_0_data.bin | 0xda5b100000 | 0xda5b1fffff | Memory Mapped File | rw |
|
|
|
- |
| pagefile_0x000000da5b200000 | 0xda5b200000 | 0xda5b4bffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000da5b4c0000 | 0xda5b4c0000 | 0xda5b5bffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5b5c0000 | 0xda5b5c0000 | 0xda5b6bffff | Private Memory | rw |
|
|
|
- |
| msxml6r.dll | 0xda5b6c0000 | 0xda5b6c0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000da5b700000 | 0xda5b700000 | 0xda5b7fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5b800000 | 0xda5b800000 | 0xda5b8fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5b900000 | 0xda5b900000 | 0xda5b97ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5ba00000 | 0xda5ba00000 | 0xda5bafffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5bb00000 | 0xda5bb00000 | 0xda5bbfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5bc00000 | 0xda5bc00000 | 0xda5bcfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5bd00000 | 0xda5bd00000 | 0xda5bdfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5be00000 | 0xda5be00000 | 0xda5befffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5bf00000 | 0xda5bf00000 | 0xda5bffffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c000000 | 0xda5c000000 | 0xda5c0fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c100000 | 0xda5c100000 | 0xda5c1fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c200000 | 0xda5c200000 | 0xda5c2fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c300000 | 0xda5c300000 | 0xda5c3fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c400000 | 0xda5c400000 | 0xda5c4fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c500000 | 0xda5c500000 | 0xda5c5fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c600000 | 0xda5c600000 | 0xda5c6fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c700000 | 0xda5c700000 | 0xda5c7fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c800000 | 0xda5c800000 | 0xda5c8fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5c900000 | 0xda5c900000 | 0xda5c9fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5ca00000 | 0xda5ca00000 | 0xda5cafffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5cb00000 | 0xda5cb00000 | 0xda5cbfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5cc00000 | 0xda5cc00000 | 0xda5ccfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5cd00000 | 0xda5cd00000 | 0xda5cdfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5ce00000 | 0xda5ce00000 | 0xda5cefffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5cf00000 | 0xda5cf00000 | 0xda5cffffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5d000000 | 0xda5d000000 | 0xda5d0fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5d1d0000 | 0xda5d1d0000 | 0xda5d1d6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5d200000 | 0xda5d200000 | 0xda5d2fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5d300000 | 0xda5d300000 | 0xda5d3fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5d400000 | 0xda5d400000 | 0xda5d4fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5d500000 | 0xda5d500000 | 0xda5d5fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000da5d600000 | 0xda5d600000 | 0xda5d6fffff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631eca000 | 0x7ff631eca000 | 0x7ff631ecbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ecc000 | 0x7ff631ecc000 | 0x7ff631ecdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ece000 | 0x7ff631ece000 | 0x7ff631ecffff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ed0000 | 0x7ff631ed0000 | 0x7ff631ed1fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ed2000 | 0x7ff631ed2000 | 0x7ff631ed3fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ed4000 | 0x7ff631ed4000 | 0x7ff631ed5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ed6000 | 0x7ff631ed6000 | 0x7ff631ed7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ed8000 | 0x7ff631ed8000 | 0x7ff631ed9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631eda000 | 0x7ff631eda000 | 0x7ff631edbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631edc000 | 0x7ff631edc000 | 0x7ff631eddfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ede000 | 0x7ff631ede000 | 0x7ff631edffff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ee0000 | 0x7ff631ee0000 | 0x7ff631ee1fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ee2000 | 0x7ff631ee2000 | 0x7ff631ee3fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ee4000 | 0x7ff631ee4000 | 0x7ff631ee5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ee6000 | 0x7ff631ee6000 | 0x7ff631ee7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ee8000 | 0x7ff631ee8000 | 0x7ff631ee9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631eea000 | 0x7ff631eea000 | 0x7ff631eebfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631eec000 | 0x7ff631eec000 | 0x7ff631eedfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631eee000 | 0x7ff631eee000 | 0x7ff631eeffff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ef0000 | 0x7ff631ef0000 | 0x7ff631ef1fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ef2000 | 0x7ff631ef2000 | 0x7ff631ef3fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ef4000 | 0x7ff631ef4000 | 0x7ff631ef5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ef6000 | 0x7ff631ef6000 | 0x7ff631ef7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631ef8000 | 0x7ff631ef8000 | 0x7ff631ef9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff631efa000 | 0x7ff631efa000 | 0x7ff631efbfff | Private Memory | rw |
|
|
|
- |
|
For performance reasons, the remaining 135 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #2: c:\users\public\mksmd.exe | 0x6b4 | address = 0x7ff6d3e70000, size = 3760128 |
|
1 | |
| Create Remote Thread | #2: c:\users\public\mksmd.exe | 0x6b4 | address = 0x7ff6d3e72870 |
|
1 |
Threads
Thread 0xcb4
86
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x7ffc55800000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LoadLibraryA, address_out = 0x7ffc55822080 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x7ffc53810000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x7ffc57aa0000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7ffc57750000 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x7ffc559d0000 |
|
1 | |
| Module | Load | module_name = Iphlpapi.dll, base_address = 0x7ffc51c50000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetLastError, address_out = 0x7ffc55816060 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VirtualFree, address_out = 0x7ffc5581bc10 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptExportKey, address_out = 0x7ffc57ab7b50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DeleteFileW, address_out = 0x7ffc558257a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetDriveTypeW, address_out = 0x7ffc558258f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCommandLineW, address_out = 0x7ffc55820150 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetStartupInfoW, address_out = 0x7ffc5581ed80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindNextFileW, address_out = 0x7ffc55825880 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VirtualAlloc, address_out = 0x7ffc5581baf0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetUserNameA, address_out = 0x7ffc57acec40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ExitProcess, address_out = 0x7ffc5581ef50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Wow64RevertWow64FsRedirection, address_out = 0x7ffc558436a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateProcessA, address_out = 0x7ffc5581d5b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetIpNetTable, address_out = 0x7ffc51c6f0b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetVersionExW, address_out = 0x7ffc5581aa30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Wow64DisableWow64FsRedirection, address_out = 0x7ffc55843690 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetSystemDefaultLangID, address_out = 0x7ffc55822ba0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetUserNameW, address_out = 0x7ffc57abda40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ReadFile, address_out = 0x7ffc55825a90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegQueryValueExA, address_out = 0x7ffc57ab7dd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CloseHandle, address_out = 0x7ffc55825510 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegSetValueExW, address_out = 0x7ffc57ab7850 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegCloseKey, address_out = 0x7ffc57ab72e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CopyFileA, address_out = 0x7ffc5583e430 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFileAttributesW, address_out = 0x7ffc55825b00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinExec, address_out = 0x7ffc55841e60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptDeriveKey, address_out = 0x7ffc57ad07a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptGenKey, address_out = 0x7ffc57abcab0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Sleep, address_out = 0x7ffc55818f00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCurrentProcess, address_out = 0x7ffc55816580 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ShellExecuteW, address_out = 0x7ffc55b1abc0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileSize, address_out = 0x7ffc55825950 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GlobalAlloc, address_out = 0x7ffc5581b810 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindClose, address_out = 0x7ffc558257c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WaitForMultipleObjects, address_out = 0x7ffc558256e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleFileNameA, address_out = 0x7ffc55820c70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ShellExecuteA, address_out = 0x7ffc55bd7de0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleHandleA, address_out = 0x7ffc5581e6d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleFileNameW, address_out = 0x7ffc5581eca0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateFileA, address_out = 0x7ffc55825760 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileSizeEx, address_out = 0x7ffc55825960 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WriteFile, address_out = 0x7ffc55825b80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetLogicalDrives, address_out = 0x7ffc558166d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WNetEnumResourceW, address_out = 0x7ffc538127d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegOpenKeyExW, address_out = 0x7ffc57ab6cb0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WNetCloseEnum, address_out = 0x7ffc53812e20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetWindowsDirectoryW, address_out = 0x7ffc55822940 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFileAttributesA, address_out = 0x7ffc55825af0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegOpenKeyExA, address_out = 0x7ffc57ab7d70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFilePointer, address_out = 0x7ffc55825b20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetTickCount, address_out = 0x7ffc558160a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileAttributesW, address_out = 0x7ffc55825930 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindFirstFileW, address_out = 0x7ffc55825840 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptAcquireContextW, address_out = 0x7ffc57ab89e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MoveFileExW, address_out = 0x7ffc55823010 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WNetOpenEnumW, address_out = 0x7ffc53812f20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoInitialize, address_out = 0x7ffc57763870 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptDecrypt, address_out = 0x7ffc57ab9140 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptImportKey, address_out = 0x7ffc57ab7b40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFilePointerEx, address_out = 0x7ffc55825b30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CopyFileW, address_out = 0x7ffc55825d70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FreeLibrary, address_out = 0x7ffc5581eb90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateProcessW, address_out = 0x7ffc5581dee0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateDirectoryW, address_out = 0x7ffc55825740 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateThread, address_out = 0x7ffc5581bc20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptDestroyKey, address_out = 0x7ffc57ab86b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoCreateInstance, address_out = 0x7ffc57257000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateFileW, address_out = 0x7ffc55825770 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileAttributesA, address_out = 0x7ffc55825900 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptEncrypt, address_out = 0x7ffc57abd7e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegDeleteValueW, address_out = 0x7ffc57ab90b0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| User | Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
Process #13: searchui.exe
86
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe |
| Command Line | "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca |
| Initial Working Directory | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ |
| Monitor | Start Time: 00:02:08, Reason: Injection |
| Unmonitor | End Time: 00:03:28, Reason: Crashed |
| Monitor Duration | 00:01:20 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9e4 |
| Parent PID | 0x23c (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Low |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
84
0x
870
0x
8C0
0x
B28
0x
B14
0x
B08
0x
B04
0x
B00
0x
AFC
0x
AF8
0x
AF0
0x
AC0
0x
ABC
0x
AB8
0x
AAC
0x
AA8
0x
AA4
0x
AA0
0x
A9C
0x
A98
0x
A88
0x
A28
0x
A24
0x
A20
0x
A18
0x
A14
0x
A0C
0x
A08
0x
A04
0x
A00
0x
9FC
0x
9F8
0x
9F4
0x
9F0
0x
9E8
0x
D60
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000ae80000000 | 0xae80000000 | 0xae80180fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ae80190000 | 0xae80190000 | 0xae8158ffff | Pagefile Backed Memory | r |
|
|
|
- |
| kernelbase.dll.mui | 0xae81590000 | 0xae8166efff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae81670000 | 0xae81670000 | 0xae8176ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0xae81770000 | 0xae81aa6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae81ab0000 | 0xae81ab0000 | 0xae81baffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae81bb0000 | 0xae81bb0000 | 0xae81caffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae81cb0000 | 0xae81cb0000 | 0xae81daffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae81db0000 | 0xae81db0000 | 0xae81eaffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae81eb0000 | 0xae81eb0000 | 0xae81faffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae81fb0000 | 0xae81fb0000 | 0xae820affff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae820b0000 | 0xae820b0000 | 0xae821affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ae821b0000 | 0xae821b0000 | 0xae821b0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| counters.dat | 0xae821c0000 | 0xae821c0fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000ae821d0000 | 0xae821d0000 | 0xae821d0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| resources.pri | 0xae821e0000 | 0xae82200fff | Memory Mapped File | r |
|
|
|
- |
| 2495906576.pri | 0xae82210000 | 0xae82223fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000ae82230000 | 0xae82230000 | 0xae82230fff | Pagefile Backed Memory | rw |
|
|
|
- |
| app.xbf | 0xae82240000 | 0xae82240fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000ae82250000 | 0xae82250000 | 0xae82250fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000ae82260000 | 0xae82260000 | 0xae82260fff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae82270000 | 0xae82270000 | 0xae82270fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ae82280000 | 0xae82280000 | 0xae82280fff | Pagefile Backed Memory | rw |
|
|
|
- |
| dictionary.xbf | 0xae82290000 | 0xae82293fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae822a0000 | 0xae822a0000 | 0xae822a6fff | Private Memory | rw |
|
|
|
- |
| resources.en-us.pri | 0xae822b0000 | 0xae822c5fff | Memory Mapped File | r |
|
|
|
- |
| reactivecat1themeresources.xbf | 0xae822d0000 | 0xae822d4fff | Memory Mapped File | r |
|
|
|
- |
| speechtextinputthemeresources.xbf | 0xae822e0000 | 0xae822e1fff | Memory Mapped File | r |
|
|
|
- |
| cortanawindow.xbf | 0xae822f0000 | 0xae822f0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae82300000 | 0xae82300000 | 0xae823fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae82400000 | 0xae82400000 | 0xae824fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae82500000 | 0xae82500000 | 0xae825fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae82600000 | 0xae82600000 | 0xae82dfffff | Private Memory | - |
|
|
|
- |
| private_0x000000ae82e00000 | 0xae82e00000 | 0xae82efffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae82f00000 | 0xae82f00000 | 0xae82ffffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae83000000 | 0xae83000000 | 0xae830fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae83100000 | 0xae83100000 | 0xae831fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae83200000 | 0xae83200000 | 0xae832fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae83300000 | 0xae83300000 | 0xae833fffff | Private Memory | rw |
|
|
|
- |
| shell32.dll.mui | 0xae83400000 | 0xae83460fff | Memory Mapped File | r |
|
|
|
- |
| chrome.xbf | 0xae83470000 | 0xae83477fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000ae83480000 | 0xae83480000 | 0xae83481fff | Pagefile Backed Memory | rw |
|
|
|
- |
| msxml6r.dll | 0xae834a0000 | 0xae834a0fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000ae834b0000 | 0xae834b0000 | 0xae834b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| homeburgermenucontrol.xbf | 0xae834c0000 | 0xae834c0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae834d0000 | 0xae834d0000 | 0xae834d6fff | Private Memory | rw |
|
|
|
- |
| greetingscontrol.xbf | 0xae834e0000 | 0xae834e1fff | Memory Mapped File | r |
|
|
|
- |
| hostedwebviewcontrol.xbf | 0xae834f0000 | 0xae834f0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae83500000 | 0xae83500000 | 0xae835fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ae83600000 | 0xae83600000 | 0xae836b7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ae836c0000 | 0xae836c0000 | 0xae836c6fff | Private Memory | rw |
|
|
|
- |
| speechtextinputcontrol.xbf | 0xae836d0000 | 0xae836d1fff | Memory Mapped File | r |
|
|
|
- |
| searchboxcontrol.xbf | 0xae836e0000 | 0xae836e0fff | Memory Mapped File | r |
|
|
|
- |
| windows.ui.xaml.dll.mui | 0xae836f0000 | 0xae836f9fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae83700000 | 0xae83700000 | 0xae837fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae83800000 | 0xae83800000 | 0xae838fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae83900000 | 0xae83900000 | 0xae839fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae83a00000 | 0xae83a00000 | 0xae83afffff | Private Memory | rw |
|
|
|
- |
| ~fontcache-system.dat | 0xae83b00000 | 0xae83b75fff | Memory Mapped File | r |
|
|
|
- |
| ~fontcache-fontface.dat | 0xae83b80000 | 0xae84b7ffff | Memory Mapped File | r |
|
|
|
- |
| segoeui.ttf | 0xae84b80000 | 0xae84c5efff | Memory Mapped File | r |
|
|
|
- |
| ~fontcache-s-1-5-21-1462094071-1423818996-289466292-1000.dat | 0xae84c60000 | 0xae8545ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae85660000 | 0xae85660000 | 0xae85660fff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85670000 | 0xae85670000 | 0xae85670fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ae85680000 | 0xae85680000 | 0xae85683fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000ae85690000 | 0xae85690000 | 0xae856affff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae856b0000 | 0xae856b0000 | 0xae856fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85700000 | 0xae85700000 | 0xae857fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85800000 | 0xae85800000 | 0xae858fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85900000 | 0xae85900000 | 0xae85900fff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85910000 | 0xae85910000 | 0xae85910fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ae85920000 | 0xae85920000 | 0xae85920fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000ae85930000 | 0xae85930000 | 0xae85936fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ae85940000 | 0xae85940000 | 0xae85940fff | Pagefile Backed Memory | rw |
|
|
|
- |
| edgehtml.dll.mui | 0xae85960000 | 0xae859bffff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000ae859c0000 | 0xae859c0000 | 0xae859cffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ae859d0000 | 0xae859d0000 | 0xae859dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ae859e0000 | 0xae859e0000 | 0xae859fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85a00000 | 0xae85a00000 | 0xae85afffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85b00000 | 0xae85b00000 | 0xae85bfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85c00000 | 0xae85c00000 | 0xae85cfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85d00000 | 0xae85d00000 | 0xae85dfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85e00000 | 0xae85e00000 | 0xae85efffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae85f00000 | 0xae85f00000 | 0xae85ffffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86000000 | 0xae86000000 | 0xae860fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86100000 | 0xae86100000 | 0xae8611ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86120000 | 0xae86120000 | 0xae8616ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86170000 | 0xae86170000 | 0xae8626ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86270000 | 0xae86270000 | 0xae8628ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86290000 | 0xae86290000 | 0xae8638ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86390000 | 0xae86390000 | 0xae863affff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae863b0000 | 0xae863b0000 | 0xae863cffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae863d0000 | 0xae863d0000 | 0xae863effff | Private Memory | rw |
|
|
|
- |
| cortana.internal.search.winmd | 0xae863f0000 | 0xae86400fff | Memory Mapped File | rwx |
|
|
|
- |
| cortana.search.winmd | 0xae86410000 | 0xae86417fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000ae86420000 | 0xae86420000 | 0xae8643ffff | Private Memory | rw |
|
|
|
- |
| windows.foundation.winmd | 0xae86440000 | 0xae8644efff | Memory Mapped File | rwx |
|
|
|
- |
| windows.security.winmd | 0xae86450000 | 0xae8646dfff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000ae86470000 | 0xae86470000 | 0xae8656ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86570000 | 0xae86570000 | 0xae8658ffff | Private Memory | rw |
|
|
|
- |
| windows.storage.winmd | 0xae86590000 | 0xae865aafff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000ae865b0000 | 0xae865b0000 | 0xae865cffff | Private Memory | rw |
|
|
|
- |
| chakra.dll.mui | 0xae865d0000 | 0xae865d9fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae865e0000 | 0xae865e0000 | 0xae865fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86620000 | 0xae86620000 | 0xae8663ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86680000 | 0xae86680000 | 0xae8669ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae866a0000 | 0xae866a0000 | 0xae866bffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae866c0000 | 0xae866c0000 | 0xae867bffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae867e0000 | 0xae867e0000 | 0xae867fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86800000 | 0xae86800000 | 0xae8681ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86820000 | 0xae86820000 | 0xae8683ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86840000 | 0xae86840000 | 0xae8685ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86860000 | 0xae86860000 | 0xae8687ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86880000 | 0xae86880000 | 0xae8689ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae868c0000 | 0xae868c0000 | 0xae868dffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae868e0000 | 0xae868e0000 | 0xae868fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86900000 | 0xae86900000 | 0xae869fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86a00000 | 0xae86a00000 | 0xae86afffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86b00000 | 0xae86b00000 | 0xae86bfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86c40000 | 0xae86c40000 | 0xae86c5ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86c60000 | 0xae86c60000 | 0xae86c7ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000000ae86c80000 | 0xae86c80000 | 0xae86c9ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86ca0000 | 0xae86ca0000 | 0xae86cbffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86cc0000 | 0xae86cc0000 | 0xae86cdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86ce0000 | 0xae86ce0000 | 0xae86cfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86d20000 | 0xae86d20000 | 0xae86d3ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86d40000 | 0xae86d40000 | 0xae86d5ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86d60000 | 0xae86d60000 | 0xae86d7ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86d80000 | 0xae86d80000 | 0xae86d9ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86da0000 | 0xae86da0000 | 0xae86dbffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86dc0000 | 0xae86dc0000 | 0xae86ddffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86de0000 | 0xae86de0000 | 0xae86dfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86e00000 | 0xae86e00000 | 0xae86e1ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86e20000 | 0xae86e20000 | 0xae86e3ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86e40000 | 0xae86e40000 | 0xae86f3ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86f40000 | 0xae86f40000 | 0xae86f5ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86f60000 | 0xae86f60000 | 0xae86f7ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86f80000 | 0xae86f80000 | 0xae86f9ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86fa0000 | 0xae86fa0000 | 0xae86fbffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86fc0000 | 0xae86fc0000 | 0xae86fdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae86fe0000 | 0xae86fe0000 | 0xae86ffffff | Private Memory | rwx |
|
|
|
- |
| private_0x000000ae87000000 | 0xae87000000 | 0xae870fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae87100000 | 0xae87100000 | 0xae871fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae87200000 | 0xae87200000 | 0xae872fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae87300000 | 0xae87300000 | 0xae8731ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae873c0000 | 0xae873c0000 | 0xae874bffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae874c0000 | 0xae874c0000 | 0xae874dffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae874e0000 | 0xae874e0000 | 0xae874fffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae87600000 | 0xae87600000 | 0xae8761ffff | Private Memory | rw |
|
|
|
- |
|
For performance reasons, the remaining 246 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #2: c:\users\public\mksmd.exe | 0x6b4 | address = 0x7ff6d3e70000, size = 3760128 |
|
1 | |
| Create Remote Thread | #2: c:\users\public\mksmd.exe | 0x6b4 | address = 0x7ff6d3e72870 |
|
1 |
Threads
Thread 0xd60
86
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x7ffc55800000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LoadLibraryA, address_out = 0x7ffc55822080 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x7ffc53810000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x7ffc57aa0000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7ffc57750000 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x7ffc559d0000 |
|
1 | |
| Module | Load | module_name = Iphlpapi.dll, base_address = 0x7ffc51c50000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetLastError, address_out = 0x7ffc55816060 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VirtualFree, address_out = 0x7ffc5581bc10 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptExportKey, address_out = 0x7ffc57ab7b50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DeleteFileW, address_out = 0x7ffc558257a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetDriveTypeW, address_out = 0x7ffc558258f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCommandLineW, address_out = 0x7ffc55820150 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetStartupInfoW, address_out = 0x7ffc5581ed80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindNextFileW, address_out = 0x7ffc55825880 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VirtualAlloc, address_out = 0x7ffc5581baf0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetUserNameA, address_out = 0x7ffc57acec40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ExitProcess, address_out = 0x7ffc5581ef50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Wow64RevertWow64FsRedirection, address_out = 0x7ffc558436a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateProcessA, address_out = 0x7ffc5581d5b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetIpNetTable, address_out = 0x7ffc51c6f0b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetVersionExW, address_out = 0x7ffc5581aa30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Wow64DisableWow64FsRedirection, address_out = 0x7ffc55843690 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetSystemDefaultLangID, address_out = 0x7ffc55822ba0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetUserNameW, address_out = 0x7ffc57abda40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ReadFile, address_out = 0x7ffc55825a90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegQueryValueExA, address_out = 0x7ffc57ab7dd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CloseHandle, address_out = 0x7ffc55825510 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegSetValueExW, address_out = 0x7ffc57ab7850 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegCloseKey, address_out = 0x7ffc57ab72e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CopyFileA, address_out = 0x7ffc5583e430 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFileAttributesW, address_out = 0x7ffc55825b00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinExec, address_out = 0x7ffc55841e60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptDeriveKey, address_out = 0x7ffc57ad07a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptGenKey, address_out = 0x7ffc57abcab0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Sleep, address_out = 0x7ffc55818f00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCurrentProcess, address_out = 0x7ffc55816580 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ShellExecuteW, address_out = 0x7ffc55b1abc0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileSize, address_out = 0x7ffc55825950 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GlobalAlloc, address_out = 0x7ffc5581b810 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindClose, address_out = 0x7ffc558257c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WaitForMultipleObjects, address_out = 0x7ffc558256e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleFileNameA, address_out = 0x7ffc55820c70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ShellExecuteA, address_out = 0x7ffc55bd7de0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleHandleA, address_out = 0x7ffc5581e6d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetModuleFileNameW, address_out = 0x7ffc5581eca0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateFileA, address_out = 0x7ffc55825760 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileSizeEx, address_out = 0x7ffc55825960 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WriteFile, address_out = 0x7ffc55825b80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetLogicalDrives, address_out = 0x7ffc558166d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WNetEnumResourceW, address_out = 0x7ffc538127d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegOpenKeyExW, address_out = 0x7ffc57ab6cb0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WNetCloseEnum, address_out = 0x7ffc53812e20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetWindowsDirectoryW, address_out = 0x7ffc55822940 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFileAttributesA, address_out = 0x7ffc55825af0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegOpenKeyExA, address_out = 0x7ffc57ab7d70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFilePointer, address_out = 0x7ffc55825b20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetTickCount, address_out = 0x7ffc558160a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileAttributesW, address_out = 0x7ffc55825930 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FindFirstFileW, address_out = 0x7ffc55825840 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptAcquireContextW, address_out = 0x7ffc57ab89e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MoveFileExW, address_out = 0x7ffc55823010 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WNetOpenEnumW, address_out = 0x7ffc53812f20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoInitialize, address_out = 0x7ffc57763870 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptDecrypt, address_out = 0x7ffc57ab9140 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptImportKey, address_out = 0x7ffc57ab7b40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetFilePointerEx, address_out = 0x7ffc55825b30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CopyFileW, address_out = 0x7ffc55825d70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = FreeLibrary, address_out = 0x7ffc5581eb90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateProcessW, address_out = 0x7ffc5581dee0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateDirectoryW, address_out = 0x7ffc55825740 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateThread, address_out = 0x7ffc5581bc20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptDestroyKey, address_out = 0x7ffc57ab86b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoCreateInstance, address_out = 0x7ffc57257000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateFileW, address_out = 0x7ffc55825770 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetFileAttributesA, address_out = 0x7ffc55825900 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptEncrypt, address_out = 0x7ffc57abd7e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegDeleteValueW, address_out = 0x7ffc57ab90b0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| User | Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
Process #14: net1.exe
67
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "audioendpointbuilder" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:09, Reason: Child Process |
| Unmonitor | End Time: 00:02:16, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd74 |
| Parent PID | 0xd48 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C50
0x
C48
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000001d22900000 | 0x1d22900000 | 0x1d2291ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001d22900000 | 0x1d22900000 | 0x1d2290ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000001d22910000 | 0x1d22910000 | 0x1d22916fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001d22920000 | 0x1d22920000 | 0x1d22933fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001d22940000 | 0x1d22940000 | 0x1d229bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001d229c0000 | 0x1d229c0000 | 0x1d229c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000001d229d0000 | 0x1d229d0000 | 0x1d229d0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001d229e0000 | 0x1d229e0000 | 0x1d229e1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000001d229f0000 | 0x1d229f0000 | 0x1d22aeffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x1d22af0000 | 0x1d22badfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000001d22bb0000 | 0x1d22bb0000 | 0x1d22c2ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001d22c30000 | 0x1d22c30000 | 0x1d22c36fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x1d22c40000 | 0x1d22c42fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x1d22c50000 | 0x1d22c81fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000001d22cf0000 | 0x1d22cf0000 | 0x1d22cfffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffe10000 | 0x7df5ffe10000 | 0x7ff5ffe0ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719800000 | 0x7ff719800000 | 0x7ff7198fffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719900000 | 0x7ff719900000 | 0x7ff719922fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71992b000 | 0x7ff71992b000 | 0x7ff71992cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71992d000 | 0x7ff71992d000 | 0x7ff71992efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71992f000 | 0x7ff71992f000 | 0x7ff71992ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc466b0000 | 0x7ffc466c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xc50
67
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Service | Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Service | Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x1d22c40000 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 169 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 16 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = Audiosrv |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = Audiosrv |
|
1 | |
| Service | Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 37 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 1 |
|
1 | |
| System | Sleep | duration = 2500 milliseconds (2.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = Audiosrv |
|
1 | |
| Service | Get Info | service_name = Audiosrv |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Service | Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 53 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Service | Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 54 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 1 |
|
1 | |
| System | Sleep | duration = 2500 milliseconds (2.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Service | Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Service | Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 70 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 |
Process #15: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:09, Reason: Child Process |
| Unmonitor | End Time: 00:02:10, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc3c |
| Parent PID | 0xd34 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C44
0x
C58
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000b5ddd60000 | 0xb5ddd60000 | 0xb5ddd7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b5ddd60000 | 0xb5ddd60000 | 0xb5ddd6ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000b5ddd70000 | 0xb5ddd70000 | 0xb5ddd76fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b5ddd80000 | 0xb5ddd80000 | 0xb5ddd93fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b5ddda0000 | 0xb5ddda0000 | 0xb5dde1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b5dde20000 | 0xb5dde20000 | 0xb5dde23fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000b5dde30000 | 0xb5dde30000 | 0xb5dde30fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b5dde40000 | 0xb5dde40000 | 0xb5dde41fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xb5dde50000 | 0xb5ddf0dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000b5ddf10000 | 0xb5ddf10000 | 0xb5ddf16fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xb5ddf20000 | 0xb5ddf22fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000b5ddf50000 | 0xb5ddf50000 | 0xb5de04ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000b5de050000 | 0xb5de050000 | 0xb5de0cffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0xb5de0d0000 | 0xb5de101fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000b5de1e0000 | 0xb5de1e0000 | 0xb5de1effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff870000 | 0x7df5ff870000 | 0x7ff5ff86ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719a30000 | 0x7ff719a30000 | 0x7ff719b2ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719b30000 | 0x7ff719b30000 | 0x7ff719b52fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff719b56000 | 0x7ff719b56000 | 0x7ff719b56fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff719b5c000 | 0x7ff719b5c000 | 0x7ff719b5dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff719b5e000 | 0x7ff719b5e000 | 0x7ff719b5ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc466b0000 | 0x7ffc466c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xc44
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xb5ddf20000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #16: net1.exe
33
0
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "spooler" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:09, Reason: Child Process |
| Unmonitor | End Time: 00:02:14, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd90 |
| Parent PID | 0xc94 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D44
0x
D40
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000dd53ba0000 | 0xdd53ba0000 | 0xdd53bbffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000dd53ba0000 | 0xdd53ba0000 | 0xdd53baffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000dd53bb0000 | 0xdd53bb0000 | 0xdd53bb6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000dd53bc0000 | 0xdd53bc0000 | 0xdd53bd3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000dd53be0000 | 0xdd53be0000 | 0xdd53c5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000dd53c60000 | 0xdd53c60000 | 0xdd53c63fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000dd53c70000 | 0xdd53c70000 | 0xdd53c70fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000dd53c80000 | 0xdd53c80000 | 0xdd53c81fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xdd53c90000 | 0xdd53d4dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000dd53d50000 | 0xdd53d50000 | 0xdd53d56fff | Private Memory | rw |
|
|
|
- |
| private_0x000000dd53d60000 | 0xdd53d60000 | 0xdd53e5ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000dd53e60000 | 0xdd53e60000 | 0xdd53edffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xdd53ee0000 | 0xdd53ee2fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xdd53ef0000 | 0xdd53f21fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000dd540d0000 | 0xdd540d0000 | 0xdd540dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff230000 | 0x7df5ff230000 | 0x7ff5ff22ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719e40000 | 0x7ff719e40000 | 0x7ff719f3ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719f40000 | 0x7ff719f40000 | 0x7ff719f62fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff719f64000 | 0x7ff719f64000 | 0x7ff719f64fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff719f6c000 | 0x7ff719f6c000 | 0x7ff719f6dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff719f6e000 | 0x7ff719f6e000 | 0x7ff719f6ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc466b0000 | 0x7ffc466c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xd44
33
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SPOOLER |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SPOOLER |
|
1 | |
| Service | Get Info | service_name = SPOOLER |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SPOOLER |
|
1 | |
| Service | Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xdd53ee0000 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 37 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 1 |
|
1 | |
| System | Sleep | duration = 2500 milliseconds (2.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SPOOLER |
|
1 | |
| Service | Get Info | service_name = SPOOLER |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Service | Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 53 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 |
Process #17: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\Windows\system32\WerFault.exe -u -p 1796 -s 1640 |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:10, Reason: Child Process |
| Unmonitor | End Time: 00:02:30, Reason: Self Terminated |
| Monitor Duration | 00:00:20 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x75c |
| Parent PID | 0x704 (c:\windows\system32\sihost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
4D0
0x
AE8
0x
900
0x
8A8
0x
518
0x
B80
0x
A68
0x
820
0x
384
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000bc36bd0000 | 0xbc36bd0000 | 0xbc36beffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bc36bd0000 | 0xbc36bd0000 | 0xbc36bdffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000bc36be0000 | 0xbc36be0000 | 0xbc36be6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bc36bf0000 | 0xbc36bf0000 | 0xbc36c03fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000bc36c10000 | 0xbc36c10000 | 0xbc36c8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bc36c90000 | 0xbc36c90000 | 0xbc36c93fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000bc36ca0000 | 0xbc36ca0000 | 0xbc36ca2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000bc36cb0000 | 0xbc36cb0000 | 0xbc36cb1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xbc36cc0000 | 0xbc36d7dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000bc36d80000 | 0xbc36d80000 | 0xbc36dfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000bc36e00000 | 0xbc36e00000 | 0xbc36e0ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000bc36e10000 | 0xbc36e10000 | 0xbc36e16fff | Private Memory | rw |
|
|
|
- |
| werfault.exe.mui | 0xbc36e20000 | 0xbc36e23fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000bc36e30000 | 0xbc36e30000 | 0xbc36e30fff | Private Memory | rw |
|
|
|
- |
| private_0x000000bc36e40000 | 0xbc36e40000 | 0xbc36e40fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bc36e50000 | 0xbc36e50000 | 0xbc36e50fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000bc36e60000 | 0xbc36e60000 | 0xbc36e60fff | Private Memory | rw |
|
|
|
- |
| faultrep.dll.mui | 0xbc36e70000 | 0xbc36e71fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000bc36e80000 | 0xbc36e80000 | 0xbc36e80fff | Private Memory | rw |
|
|
|
- |
| private_0x000000bc36e90000 | 0xbc36e90000 | 0xbc36f8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bc36f90000 | 0xbc36f90000 | 0xbc37117fff | Pagefile Backed Memory | r |
|
|
|
- |
| wer.dll.mui | 0xbc37120000 | 0xbc37122fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000bc37130000 | 0xbc37130000 | 0xbc37136fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bc37140000 | 0xbc37140000 | 0xbc37141fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000bc37150000 | 0xbc37150000 | 0xbc3715ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bc37160000 | 0xbc37160000 | 0xbc372e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000bc372f0000 | 0xbc372f0000 | 0xbc386effff | Pagefile Backed Memory | r |
|
|
|
- |
| ntdll.dll.mui | 0xbc386f0000 | 0xbc38755fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000bc38760000 | 0xbc38760000 | 0xbc38761fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000bc38770000 | 0xbc38770000 | 0xbc38770fff | Pagefile Backed Memory | r |
|
|
|
- |
| werui.dll.mui | 0xbc38770000 | 0xbc38774fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000bc38780000 | 0xbc38780000 | 0xbc38781fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000bc38790000 | 0xbc38790000 | 0xbc38790fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000bc387a0000 | 0xbc387a0000 | 0xbc387a1fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000bc387b0000 | 0xbc387b0000 | 0xbc387b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000bc387c0000 | 0xbc387c0000 | 0xbc387c6fff | Private Memory | rw |
|
|
|
- |
| duser.dll.mui | 0xbc387d0000 | 0xbc387d0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000bc38800000 | 0xbc38800000 | 0xbc3880ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0xbc38810000 | 0xbc38b46fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000bc38b50000 | 0xbc38b50000 | 0xbc38c4ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000bc38c50000 | 0xbc38c50000 | 0xbc38d4ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000bc38d50000 | 0xbc38d50000 | 0xbc38e4ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000bc38e50000 | 0xbc38e50000 | 0xbc3904ffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0xbc39050000 | 0xbc3912efff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000bc39130000 | 0xbc39130000 | 0xbc3922ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000bc39230000 | 0xbc39230000 | 0xbc392affff | Private Memory | rw |
|
|
|
- |
| private_0x000000bc392b0000 | 0xbc392b0000 | 0xbc3932ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000bc39330000 | 0xbc39330000 | 0xbc393affff | Private Memory | rw |
|
|
|
- |
| private_0x000000bc393b0000 | 0xbc393b0000 | 0xbc3942ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000bc39430000 | 0xbc39430000 | 0xbc394affff | Private Memory | rw |
|
|
|
- |
| private_0x000000bc394b0000 | 0xbc394b0000 | 0xbc3952ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bc39530000 | 0xbc39530000 | 0xbc395e7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007df5ff3e0000 | 0x7df5ff3e0000 | 0x7ff5ff3dffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff65d00c000 | 0x7ff65d00c000 | 0x7ff65d00dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d00e000 | 0x7ff65d00e000 | 0x7ff65d00ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff65d010000 | 0x7ff65d010000 | 0x7ff65d10ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff65d110000 | 0x7ff65d110000 | 0x7ff65d132fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff65d133000 | 0x7ff65d133000 | 0x7ff65d133fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d134000 | 0x7ff65d134000 | 0x7ff65d135fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d136000 | 0x7ff65d136000 | 0x7ff65d137fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d138000 | 0x7ff65d138000 | 0x7ff65d139fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d13a000 | 0x7ff65d13a000 | 0x7ff65d13bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d13c000 | 0x7ff65d13c000 | 0x7ff65d13dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d13e000 | 0x7ff65d13e000 | 0x7ff65d13ffff | Private Memory | rw |
|
|
|
- |
| werfault.exe | 0x7ff65dca0000 | 0x7ff65dceafff | Memory Mapped File | rwx |
|
|
|
- |
| dbgeng.dll | 0x7ffc3e380000 | 0x7ffc3e85bfff | Memory Mapped File | rwx |
|
|
|
- |
| wer.dll | 0x7ffc3ec10000 | 0x7ffc3ecadfff | Memory Mapped File | rwx |
|
|
|
- |
| dbghelp.dll | 0x7ffc3f1e0000 | 0x7ffc3f369fff | Memory Mapped File | rwx |
|
|
|
- |
| riched20.dll | 0x7ffc3fb40000 | 0x7ffc3fbdafff | Memory Mapped File | rwx |
|
|
|
- |
| dui70.dll | 0x7ffc3ff20000 | 0x7ffc400cffff | Memory Mapped File | rwx |
|
|
|
- |
| atlthunk.dll | 0x7ffc41be0000 | 0x7ffc41beffff | Memory Mapped File | rwx |
|
|
|
- |
| npmproxy.dll | 0x7ffc4b090000 | 0x7ffc4b09dfff | Memory Mapped File | rwx |
|
|
|
- |
| secur32.dll | 0x7ffc4b6e0000 | 0x7ffc4b6ebfff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x7ffc4b890000 | 0x7ffc4b899fff | Memory Mapped File | rwx |
|
|
|
- |
| netprofm.dll | 0x7ffc4c220000 | 0x7ffc4c25efff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x7ffc4cbd0000 | 0x7ffc4ce43fff | Memory Mapped File | rwx |
|
|
|
- |
| dbgmodel.dll | 0x7ffc4d040000 | 0x7ffc4d0d0fff | Memory Mapped File | rwx |
|
|
|
- |
| werui.dll | 0x7ffc4d060000 | 0x7ffc4d0d3fff | Memory Mapped File | rwx |
|
|
|
- |
| msls31.dll | 0x7ffc4d220000 | 0x7ffc4d257fff | Memory Mapped File | rwx |
|
|
|
- |
| faultrep.dll | 0x7ffc4d480000 | 0x7ffc4d4ddfff | Memory Mapped File | rwx |
|
|
|
- |
| duser.dll | 0x7ffc4f3a0000 | 0x7ffc4f438fff | Memory Mapped File | rwx |
|
|
|
- |
| xmllite.dll | 0x7ffc4fb00000 | 0x7ffc4fb35fff | Memory Mapped File | rwx |
|
|
|
- |
| dbgcore.dll | 0x7ffc50db0000 | 0x7ffc50dd4fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7ffc513c0000 | 0x7ffc513d7fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x7ffc525f0000 | 0x7ffc52611fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7ffc52ef0000 | 0x7ffc52f16fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x7ffc53920000 | 0x7ffc53951fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #18: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #18 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\Windows\system32\WerFault.exe -u -p 2432 -s 3164 |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:11, Reason: Child Process |
| Unmonitor | End Time: 00:02:31, Reason: Self Terminated |
| Monitor Duration | 00:00:20 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1f4 |
| Parent PID | 0x980 (c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
340
0x
434
0x
858
0x
954
0x
784
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000000100000000 | 0x100000000 | 0x10001ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000100000000 | 0x100000000 | 0x10000ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000100010000 | 0x100010000 | 0x100016fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000100020000 | 0x100020000 | 0x100033fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000100040000 | 0x100040000 | 0x1000bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000001000c0000 | 0x1000c0000 | 0x1000c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000001000d0000 | 0x1000d0000 | 0x1000d2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000001000e0000 | 0x1000e0000 | 0x1000e1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x1000f0000 | 0x1001adfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000001001b0000 | 0x1001b0000 | 0x10022ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000100230000 | 0x100230000 | 0x100236fff | Private Memory | rw |
|
|
|
- |
| werfault.exe.mui | 0x100240000 | 0x100243fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000100250000 | 0x100250000 | 0x100250fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000100260000 | 0x100260000 | 0x100260fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000100270000 | 0x100270000 | 0x100270fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000100280000 | 0x100280000 | 0x10028ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000100290000 | 0x100290000 | 0x100290fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000001002a0000 | 0x1002a0000 | 0x1002a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000001002b0000 | 0x1002b0000 | 0x1003affff | Private Memory | rw |
|
|
|
- |
| private_0x0000000100450000 | 0x100450000 | 0x10045ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000100460000 | 0x100460000 | 0x1005e7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000001005f0000 | 0x1005f0000 | 0x100770fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000100780000 | 0x100780000 | 0x101b7ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000101c80000 | 0x101c80000 | 0x101c8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff200000 | 0x7df5ff200000 | 0x7ff5ff1fffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff65d770000 | 0x7ff65d770000 | 0x7ff65d86ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff65d870000 | 0x7ff65d870000 | 0x7ff65d892fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff65d89a000 | 0x7ff65d89a000 | 0x7ff65d89bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d89c000 | 0x7ff65d89c000 | 0x7ff65d89cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d89e000 | 0x7ff65d89e000 | 0x7ff65d89ffff | Private Memory | rw |
|
|
|
- |
| werfault.exe | 0x7ff65dca0000 | 0x7ff65dceafff | Memory Mapped File | rwx |
|
|
|
- |
| wer.dll | 0x7ffc3ec10000 | 0x7ffc3ecadfff | Memory Mapped File | rwx |
|
|
|
- |
| dbghelp.dll | 0x7ffc3f1e0000 | 0x7ffc3f369fff | Memory Mapped File | rwx |
|
|
|
- |
| faultrep.dll | 0x7ffc4d480000 | 0x7ffc4d4ddfff | Memory Mapped File | rwx |
|
|
|
- |
| dbgcore.dll | 0x7ffc50db0000 | 0x7ffc50dd4fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7ffc52ef0000 | 0x7ffc52f16fff | Memory Mapped File | rwx |
|
|
|
- |
| twinapi.appcore.dll | 0x7ffc52f40000 | 0x7ffc5302dfff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7ffc53b80000 | 0x7ffc53b9efff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #19: sihost.exe
0
0
| Information | Value |
|---|---|
| ID | #19 |
| File Name | c:\windows\system32\sihost.exe |
| Command Line | sihost.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:13, Reason: Child Process |
| Unmonitor | End Time: 00:02:30, Reason: Self Terminated |
| Monitor Duration | 00:00:17 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5bc |
| Parent PID | 0x704 (c:\windows\system32\sihost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs | - |
Process #20: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #20 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\Windows\system32\WerFault.exe -u -p 2432 -s 3224 |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:14, Reason: Child Process |
| Unmonitor | End Time: 00:02:59, Reason: Self Terminated |
| Monitor Duration | 00:00:45 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdc4 |
| Parent PID | 0x980 (c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
DD4
0x
B18
0x
368
0x
B68
0x
E0C
0x
DB8
0x
E80
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000097bf0b0000 | 0x97bf0b0000 | 0x97bf0cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000097bf0b0000 | 0x97bf0b0000 | 0x97bf0bffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000097bf0c0000 | 0x97bf0c0000 | 0x97bf0c6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000097bf0d0000 | 0x97bf0d0000 | 0x97bf0e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000097bf0f0000 | 0x97bf0f0000 | 0x97bf16ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000097bf170000 | 0x97bf170000 | 0x97bf173fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000097bf180000 | 0x97bf180000 | 0x97bf182fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000097bf190000 | 0x97bf190000 | 0x97bf191fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x97bf1a0000 | 0x97bf25dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000097bf260000 | 0x97bf260000 | 0x97bf2dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000097bf2e0000 | 0x97bf2e0000 | 0x97bf2e6fff | Private Memory | rw |
|
|
|
- |
| werfault.exe.mui | 0x97bf2f0000 | 0x97bf2f3fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000097bf300000 | 0x97bf300000 | 0x97bf300fff | Private Memory | rw |
|
|
|
- |
| private_0x00000097bf310000 | 0x97bf310000 | 0x97bf310fff | Private Memory | rw |
|
|
|
- |
| private_0x00000097bf320000 | 0x97bf320000 | 0x97bf32ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000097bf330000 | 0x97bf330000 | 0x97bf330fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000097bf340000 | 0x97bf340000 | 0x97bf340fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000097bf350000 | 0x97bf350000 | 0x97bf350fff | Pagefile Backed Memory | r |
|
|
|
- |
| faultrep.dll.mui | 0x97bf360000 | 0x97bf361fff | Memory Mapped File | r |
|
|
|
- |
| wer.dll.mui | 0x97bf370000 | 0x97bf372fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000097bf380000 | 0x97bf380000 | 0x97bf47ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000097bf480000 | 0x97bf480000 | 0x97bf4fffff | Private Memory | rw |
|
|
|
- |
| private_0x00000097bf500000 | 0x97bf500000 | 0x97bf506fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000097bf510000 | 0x97bf510000 | 0x97bf511fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000097bf520000 | 0x97bf520000 | 0x97bf521fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000097bf530000 | 0x97bf530000 | 0x97bf530fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000097bf540000 | 0x97bf540000 | 0x97bf541fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000097bf550000 | 0x97bf550000 | 0x97bf55ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000097bf560000 | 0x97bf560000 | 0x97bf589fff | Pagefile Backed Memory | rw |
|
|
|
- |
| winnlsres.dll | 0x97bf590000 | 0x97bf594fff | Memory Mapped File | r |
|
|
|
- |
| winnlsres.dll.mui | 0x97bf5a0000 | 0x97bf5affff | Memory Mapped File | r |
|
|
|
- |
| mswsock.dll.mui | 0x97bf5b0000 | 0x97bf5b2fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000097bf5c0000 | 0x97bf5c0000 | 0x97bf5cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000097bf5d0000 | 0x97bf5d0000 | 0x97bf757fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000097bf760000 | 0x97bf760000 | 0x97bf8e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000097bf8f0000 | 0x97bf8f0000 | 0x97c0ceffff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x97c0cf0000 | 0x97c1026fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000097c1030000 | 0x97c1030000 | 0x97c10affff | Private Memory | rw |
|
|
|
- |
| private_0x00000097c10b0000 | 0x97c10b0000 | 0x97c112ffff | Private Memory | rw |
|
|
|
- |
| ntdll.dll.mui | 0x97c1130000 | 0x97c1195fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000097c11a0000 | 0x97c11a0000 | 0x97c121ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000097c1220000 | 0x97c1220000 | 0x97c131ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000097c1320000 | 0x97c1320000 | 0x97c141ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000097c1420000 | 0x97c1420000 | 0x97c151ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000097c1520000 | 0x97c1520000 | 0x97c171ffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x97c1720000 | 0x97c17fefff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000097c1800000 | 0x97c1800000 | 0x97c18fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffc80000 | 0x7df5ffc80000 | 0x7ff5ffc7ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff65cc50000 | 0x7ff65cc50000 | 0x7ff65cd4ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff65cd50000 | 0x7ff65cd50000 | 0x7ff65cd72fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff65cd73000 | 0x7ff65cd73000 | 0x7ff65cd74fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65cd75000 | 0x7ff65cd75000 | 0x7ff65cd76fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65cd77000 | 0x7ff65cd77000 | 0x7ff65cd77fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65cd78000 | 0x7ff65cd78000 | 0x7ff65cd79fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65cd7a000 | 0x7ff65cd7a000 | 0x7ff65cd7bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65cd7c000 | 0x7ff65cd7c000 | 0x7ff65cd7dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65cd7e000 | 0x7ff65cd7e000 | 0x7ff65cd7ffff | Private Memory | rw |
|
|
|
- |
| werfault.exe | 0x7ff65dca0000 | 0x7ff65dceafff | Memory Mapped File | rwx |
|
|
|
- |
| dbgeng.dll | 0x7ffc3e380000 | 0x7ffc3e85bfff | Memory Mapped File | rwx |
|
|
|
- |
| wer.dll | 0x7ffc3ec10000 | 0x7ffc3ecadfff | Memory Mapped File | rwx |
|
|
|
- |
| dbghelp.dll | 0x7ffc3f1e0000 | 0x7ffc3f369fff | Memory Mapped File | rwx |
|
|
|
- |
| dui70.dll | 0x7ffc3ff20000 | 0x7ffc400cffff | Memory Mapped File | rwx |
|
|
|
- |
| windows.security.authentication.onlineid.dll | 0x7ffc44de0000 | 0x7ffc44e92fff | Memory Mapped File | rwx |
|
|
|
- |
| actxprxy.dll | 0x7ffc48ff0000 | 0x7ffc49459fff | Memory Mapped File | rwx |
|
|
|
- |
| webio.dll | 0x7ffc4a100000 | 0x7ffc4a17ffff | Memory Mapped File | rwx |
|
|
|
- |
| npmproxy.dll | 0x7ffc4b090000 | 0x7ffc4b09dfff | Memory Mapped File | rwx |
|
|
|
- |
| secur32.dll | 0x7ffc4b6e0000 | 0x7ffc4b6ebfff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x7ffc4b890000 | 0x7ffc4b899fff | Memory Mapped File | rwx |
|
|
|
- |
| ondemandconnroutehelper.dll | 0x7ffc4b8c0000 | 0x7ffc4b8d4fff | Memory Mapped File | rwx |
|
|
|
- |
| netprofm.dll | 0x7ffc4c220000 | 0x7ffc4c25efff | Memory Mapped File | rwx |
|
|
|
- |
| rasadhlp.dll | 0x7ffc4c270000 | 0x7ffc4c279fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x7ffc4cbd0000 | 0x7ffc4ce43fff | Memory Mapped File | rwx |
|
|
|
- |
| dbgmodel.dll | 0x7ffc4d040000 | 0x7ffc4d0d0fff | Memory Mapped File | rwx |
|
|
|
- |
| werui.dll | 0x7ffc4d060000 | 0x7ffc4d0d3fff | Memory Mapped File | rwx |
|
|
|
- |
| faultrep.dll | 0x7ffc4d480000 | 0x7ffc4d4ddfff | Memory Mapped File | rwx |
|
|
|
- |
| winhttp.dll | 0x7ffc4d9d0000 | 0x7ffc4daa5fff | Memory Mapped File | rwx |
|
|
|
- |
| xmllite.dll | 0x7ffc4fb00000 | 0x7ffc4fb35fff | Memory Mapped File | rwx |
|
|
|
- |
| fwpuclnt.dll | 0x7ffc50980000 | 0x7ffc509e7fff | Memory Mapped File | rwx |
|
|
|
- |
| dhcpcsvc.dll | 0x7ffc50a50000 | 0x7ffc50a69fff | Memory Mapped File | rwx |
|
|
|
- |
| dhcpcsvc6.dll | 0x7ffc50a70000 | 0x7ffc50a85fff | Memory Mapped File | rwx |
|
|
|
- |
| dbgcore.dll | 0x7ffc50db0000 | 0x7ffc50dd4fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7ffc52ef0000 | 0x7ffc52f16fff | Memory Mapped File | rwx |
|
|
|
- |
| twinapi.appcore.dll | 0x7ffc52f40000 | 0x7ffc5302dfff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x7ffc53920000 | 0x7ffc53951fff | Memory Mapped File | rwx |
|
|
|
- |
| schannel.dll | 0x7ffc53980000 | 0x7ffc539f3fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7ffc53b80000 | 0x7ffc53b9efff | Memory Mapped File | rwx |
|
|
|
- |
| dnsapi.dll | 0x7ffc53be0000 | 0x7ffc53c87fff | Memory Mapped File | rwx |
|
|
|
- |
| mswsock.dll | 0x7ffc53dd0000 | 0x7ffc53e2cfff | Memory Mapped File | rwx |
|
|
|
- |
| dpapi.dll | 0x7ffc541f0000 | 0x7ffc541f9fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x7ffc545f0000 | 0x7ffc54600fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x7ffc54db0000 | 0x7ffc54f70fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x7ffc57900000 | 0x7ffc57968fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #21: net.exe
0
0
| Information | Value |
|---|---|
| ID | #21 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:14, Reason: Child Process |
| Unmonitor | End Time: 00:02:15, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xde8 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DF8
0x
E08
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000090521a0000 | 0x90521a0000 | 0x90521bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000090521a0000 | 0x90521a0000 | 0x90521affff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000090521c0000 | 0x90521c0000 | 0x90521d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000090521e0000 | 0x90521e0000 | 0x905225ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000009052260000 | 0x9052260000 | 0x9052263fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000009052270000 | 0x9052270000 | 0x9052270fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000009052280000 | 0x9052280000 | 0x9052281fff | Private Memory | rw |
|
|
|
- |
| private_0x00000090522a0000 | 0x90522a0000 | 0x905239ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x90523a0000 | 0x905245dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff360000 | 0x7df5ff360000 | 0x7ff5ff35ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff706080000 | 0x7ff706080000 | 0x7ff70617ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff706180000 | 0x7ff706180000 | 0x7ff7061a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7061a5000 | 0x7ff7061a5000 | 0x7ff7061a5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7061ae000 | 0x7ff7061ae000 | 0x7ff7061affff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #23: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #23 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:15, Reason: Child Process |
| Unmonitor | End Time: 00:02:15, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xde0 |
| Parent PID | 0xde8 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DEC
0x
DE4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000006931360000 | 0x6931360000 | 0x693137ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006931360000 | 0x6931360000 | 0x693136ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000006931370000 | 0x6931370000 | 0x6931376fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006931380000 | 0x6931380000 | 0x6931393fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000069313a0000 | 0x69313a0000 | 0x693141ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006931420000 | 0x6931420000 | 0x6931423fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000006931430000 | 0x6931430000 | 0x6931430fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000006931440000 | 0x6931440000 | 0x6931441fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x6931450000 | 0x693150dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000006931510000 | 0x6931510000 | 0x6931516fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x6931520000 | 0x6931522fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000006931540000 | 0x6931540000 | 0x693163ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000006931640000 | 0x6931640000 | 0x69316bffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x69316c0000 | 0x69316f1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000069317e0000 | 0x69317e0000 | 0x69317effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffea0000 | 0x7df5ffea0000 | 0x7ff5ffe9ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff71a180000 | 0x7ff71a180000 | 0x7ff71a27ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff71a280000 | 0x7ff71a280000 | 0x7ff71a2a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71a2aa000 | 0x7ff71a2aa000 | 0x7ff71a2abfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a2ac000 | 0x7ff71a2ac000 | 0x7ff71a2acfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a2ae000 | 0x7ff71a2ae000 | 0x7ff71a2affff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc466b0000 | 0x7ffc466c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xdec
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x6931520000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #24: net.exe
0
0
| Information | Value |
|---|---|
| ID | #24 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:26, Reason: Child Process |
| Unmonitor | End Time: 00:02:27, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x63c |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
EB0
0x
E9C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000007b445c0000 | 0x7b445c0000 | 0x7b445dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007b445c0000 | 0x7b445c0000 | 0x7b445cffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000007b445e0000 | 0x7b445e0000 | 0x7b445f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000007b44600000 | 0x7b44600000 | 0x7b4467ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007b44680000 | 0x7b44680000 | 0x7b44683fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000007b44690000 | 0x7b44690000 | 0x7b44690fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000007b446a0000 | 0x7b446a0000 | 0x7b446a1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000007b44700000 | 0x7b44700000 | 0x7b447fffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x7b44800000 | 0x7b448bdfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ffaf0000 | 0x7df5ffaf0000 | 0x7ff5ffaeffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff706510000 | 0x7ff706510000 | 0x7ff70660ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff706610000 | 0x7ff706610000 | 0x7ff706632fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff706637000 | 0x7ff706637000 | 0x7ff706637fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff70663e000 | 0x7ff70663e000 | 0x7ff70663ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #26: svchost.exe
91
0
| Information | Value |
|---|---|
| ID | #26 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | C:\Windows\system32\svchost.exe -k UnistackSvcGroup |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:26, Reason: Injection |
| Unmonitor | End Time: 00:05:22, Reason: Crashed |
| Monitor Duration | 00:02:56 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf88 |
| Parent PID | 0x1e4 (c:\windows\system32\services.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
2EC
0x
388
0x
F9C
0x
F98
0x
F8C
0x
DCC
0x
E98
0x
C3C
0x
C5C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| pagefile_0x0000005431280000 | 0x5431280000 | 0x543128ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| svchost.exe.mui | 0x5431290000 | 0x5431290fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000054312a0000 | 0x54312a0000 | 0x54312b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000054312c0000 | 0x54312c0000 | 0x543133ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005431340000 | 0x5431340000 | 0x5431343fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000005431350000 | 0x5431350000 | 0x5431350fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000005431360000 | 0x5431360000 | 0x5431361fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x5431370000 | 0x543142dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000005431430000 | 0x5431430000 | 0x5431430fff | Private Memory | rw |
|
|
|
- |
| private_0x0000005431440000 | 0x5431440000 | 0x5431440fff | Private Memory | rw |
|
|
|
- |
| phoneutilres.dll | 0x5431450000 | 0x5431450fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000005431460000 | 0x5431460000 | 0x5431466fff | Private Memory | rw |
|
|
|
- |
| private_0x0000005431470000 | 0x5431470000 | 0x54314effff | Private Memory | rw |
|
|
|
- |
| private_0x00000054314f0000 | 0x54314f0000 | 0x54314f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000005431500000 | 0x5431500000 | 0x54315fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005431600000 | 0x5431600000 | 0x5431787fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000005431790000 | 0x5431790000 | 0x5431790fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000054317a0000 | 0x54317a0000 | 0x54317a6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000054317b0000 | 0x54317b0000 | 0x54317b0fff | Pagefile Backed Memory | r |
|
|
|
- |
| syncres.dll | 0x54317c0000 | 0x54317c0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000005431800000 | 0x5431800000 | 0x54318fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005431900000 | 0x5431900000 | 0x5431a80fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000005431a90000 | 0x5431a90000 | 0x5432e8ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000005432e90000 | 0x5432e90000 | 0x5432f8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000005432f90000 | 0x5432f90000 | 0x543308ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000005433090000 | 0x5433090000 | 0x543310ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000005433110000 | 0x5433110000 | 0x543320ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000005433210000 | 0x5433210000 | 0x543330ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000005433310000 | 0x5433310000 | 0x543340ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x5433410000 | 0x5433746fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000005433750000 | 0x5433750000 | 0x543384ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff620000 | 0x7df5ff620000 | 0x7ff5ff61ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff6d3e70000 | 0x7ff6d3e70000 | 0x7ff6d4205fff | Private Memory | rwx |
|
|
|
- |
| private_0x00007ff6e01bc000 | 0x7ff6e01bc000 | 0x7ff6e01bdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6e01be000 | 0x7ff6e01be000 | 0x7ff6e01bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff6e01c0000 | 0x7ff6e01c0000 | 0x7ff6e02bffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff6e02c0000 | 0x7ff6e02c0000 | 0x7ff6e02e2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff6e02e3000 | 0x7ff6e02e3000 | 0x7ff6e02e3fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6e02e4000 | 0x7ff6e02e4000 | 0x7ff6e02e5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6e02e6000 | 0x7ff6e02e6000 | 0x7ff6e02e7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6e02e8000 | 0x7ff6e02e8000 | 0x7ff6e02e9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6e02ea000 | 0x7ff6e02ea000 | 0x7ff6e02ebfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6e02ec000 | 0x7ff6e02ec000 | 0x7ff6e02edfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff6e02ee000 | 0x7ff6e02ee000 | 0x7ff6e02effff | Private Memory | rw |
|
|
|
- |
| svchost.exe | 0x7ff6e1100000 | 0x7ff6e110cfff | Memory Mapped File | rwx |
|
|
|
- |
| phoneutil.dll | 0x7ffc3f3a0000 | 0x7ffc3f3e0fff | Memory Mapped File | rwx |
|
|
|
- |
| pimstore.dll | 0x7ffc3f3f0000 | 0x7ffc3f560fff | Memory Mapped File | rwx |
|
|
|
- |
| syncutil.dll | 0x7ffc3f570000 | 0x7ffc3f5b6fff | Memory Mapped File | rwx |
|
|
|
- |
| userdataplatformhelperutil.dll | 0x7ffc3f610000 | 0x7ffc3f625fff | Memory Mapped File | rwx |
|
|
|
- |
| aphostservice.dll | 0x7ffc3f630000 | 0x7ffc3f67dfff | Memory Mapped File | rwx |
|
|
|
- |
| vaultcli.dll | 0x7ffc46900000 | 0x7ffc46947fff | Memory Mapped File | rwx |
|
|
|
- |
| tokenbroker.dll | 0x7ffc486a0000 | 0x7ffc48765fff | Memory Mapped File | rwx |
|
|
|
- |
| dsclient.dll | 0x7ffc48ed0000 | 0x7ffc48edbfff | Memory Mapped File | rwx |
|
|
|
- |
| userdatatypehelperutil.dll | 0x7ffc48ee0000 | 0x7ffc48ef0fff | Memory Mapped File | rwx |
|
|
|
- |
| actxprxy.dll | 0x7ffc48ff0000 | 0x7ffc49459fff | Memory Mapped File | rwx |
|
|
|
- |
| inproclogger.dll | 0x7ffc4b0a0000 | 0x7ffc4b0acfff | Memory Mapped File | rwx |
|
|
|
- |
| esent.dll | 0x7ffc4bc70000 | 0x7ffc4bf51fff | Memory Mapped File | rwx |
|
|
|
- |
| mccspal.dll | 0x7ffc4cad0000 | 0x7ffc4cadafff | Memory Mapped File | rwx |
|
|
|
- |
| idstore.dll | 0x7ffc4cf00000 | 0x7ffc4cf26fff | Memory Mapped File | rwx |
|
|
|
- |
| userdatatimeutil.dll | 0x7ffc4d0e0000 | 0x7ffc4d100fff | Memory Mapped File | rwx |
|
|
|
- |
| accountaccessor.dll | 0x7ffc4d110000 | 0x7ffc4d145fff | Memory Mapped File | rwx |
|
|
|
- |
| cemapi.dll | 0x7ffc4d150000 | 0x7ffc4d18ffff | Memory Mapped File | rwx |
|
|
|
- |
| winhttp.dll | 0x7ffc4d9d0000 | 0x7ffc4daa5fff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x7ffc4ddd0000 | 0x7ffc4e145fff | Memory Mapped File | rwx |
|
|
|
- |
| samlib.dll | 0x7ffc50bd0000 | 0x7ffc50bebfff | Memory Mapped File | rwx |
|
|
|
- |
| wintypes.dll | 0x7ffc50c00000 | 0x7ffc50d30fff | Memory Mapped File | rwx |
|
|
|
- |
| userdatalanguageutil.dll | 0x7ffc50d90000 | 0x7ffc50da0fff | Memory Mapped File | rwx |
|
|
|
- |
| synccontroller.dll | 0x7ffc50e50000 | 0x7ffc50ebbfff | Memory Mapped File | rwx |
|
|
|
- |
| aphostclient.dll | 0x7ffc513e0000 | 0x7ffc513effff | Memory Mapped File | rwx |
|
|
|
- |
| networkhelper.dll | 0x7ffc51a30000 | 0x7ffc51a46fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| nlaapi.dll | 0x7ffc51cb0000 | 0x7ffc51cc7fff | Memory Mapped File | rwx |
|
|
|
- |
| wtsapi32.dll | 0x7ffc52640000 | 0x7ffc52652fff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x7ffc53810000 | 0x7ffc5382bfff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x7ffc53920000 | 0x7ffc53951fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7ffc53b80000 | 0x7ffc53b9efff | Memory Mapped File | rwx |
|
|
|
- |
| msv1_0.dll | 0x7ffc53d70000 | 0x7ffc53dcefff | Memory Mapped File | rwx |
|
|
|
- |
| ntlmshared.dll | 0x7ffc54200000 | 0x7ffc5420afff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptdll.dll | 0x7ffc54260000 | 0x7ffc54273fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x7ffc545f0000 | 0x7ffc54600fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x7ffc54db0000 | 0x7ffc54f70fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #2: c:\users\public\mksmd.exe | 0x6b4 | address = 0x7ff6d3e70000, size = 3760128 |
|
1 | |
| Create Remote Thread | #2: c:\users\public\mksmd.exe | 0x6b4 | address = 0x7ff6d3e72870 |
|
1 |
Threads
Thread 0xdcc
91
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x7ffc55800000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address_out = 0x7ffc55822080 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x7ffc53810000 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x7ffc57aa0000 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7ffc57750000 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x7ffc559d0000 |
|
1 | |
| Module | Load | module_name = Iphlpapi.dll, base_address = 0x7ffc51c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address_out = 0x7ffc55816060 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualFree, address_out = 0x7ffc5581bc10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptExportKey, address_out = 0x7ffc57ab7b50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = DeleteFileW, address_out = 0x7ffc558257a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetDriveTypeW, address_out = 0x7ffc558258f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineW, address_out = 0x7ffc55820150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetStartupInfoW, address_out = 0x7ffc5581ed80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindNextFileW, address_out = 0x7ffc55825880 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address_out = 0x7ffc5581baf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7ffc57acec40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ExitProcess, address_out = 0x7ffc5581ef50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64RevertWow64FsRedirection, address_out = 0x7ffc558436a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessA, address_out = 0x7ffc5581d5b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\iphlpapi.dll, function = GetIpNetTable, address_out = 0x7ffc51c6f0b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetVersionExW, address_out = 0x7ffc5581aa30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x7ffc55843690 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetSystemDefaultLangID, address_out = 0x7ffc55822ba0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameW, address_out = 0x7ffc57abda40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = ReadFile, address_out = 0x7ffc55825a90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7ffc57ab7dd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address_out = 0x7ffc55825510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExW, address_out = 0x7ffc57ab7850 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7ffc57ab72e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileA, address_out = 0x7ffc5583e430 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesW, address_out = 0x7ffc55825b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WinExec, address_out = 0x7ffc55841e60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDeriveKey, address_out = 0x7ffc57ad07a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptGenKey, address_out = 0x7ffc57abcab0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address_out = 0x7ffc55818f00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcess, address_out = 0x7ffc55816580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteW, address_out = 0x7ffc55b1abc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSize, address_out = 0x7ffc55825950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GlobalAlloc, address_out = 0x7ffc5581b810 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindClose, address_out = 0x7ffc558257c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x7ffc558256e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameA, address_out = 0x7ffc55820c70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteA, address_out = 0x7ffc55bd7de0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleA, address_out = 0x7ffc5581e6d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameW, address_out = 0x7ffc5581eca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileA, address_out = 0x7ffc55825760 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileSizeEx, address_out = 0x7ffc55825960 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WriteFile, address_out = 0x7ffc55825b80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalDrives, address_out = 0x7ffc558166d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetEnumResourceW, address_out = 0x7ffc538127d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7ffc57ab6cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetCloseEnum, address_out = 0x7ffc53812e20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetWindowsDirectoryW, address_out = 0x7ffc55822940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFileAttributesA, address_out = 0x7ffc55825af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExA, address_out = 0x7ffc57ab7d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointer, address_out = 0x7ffc55825b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount, address_out = 0x7ffc558160a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesW, address_out = 0x7ffc55825930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FindFirstFileW, address_out = 0x7ffc55825840 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7ffc57ab89e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = MoveFileExW, address_out = 0x7ffc55823010 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\mpr.dll, function = WNetOpenEnumW, address_out = 0x7ffc53812f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoInitialize, address_out = 0x7ffc57763870 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDecrypt, address_out = 0x7ffc57ab9140 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptImportKey, address_out = 0x7ffc57ab7b40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointerEx, address_out = 0x7ffc55825b30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileW, address_out = 0x7ffc55825d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address_out = 0x7ffc5581eb90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessW, address_out = 0x7ffc5581dee0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateDirectoryW, address_out = 0x7ffc55825740 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address_out = 0x7ffc5581bc20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptDestroyKey, address_out = 0x7ffc57ab86b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address_out = 0x7ffc57257000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateFileW, address_out = 0x7ffc55825770 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesA, address_out = 0x7ffc55825900 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = CryptEncrypt, address_out = 0x7ffc57abd7e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegDeleteValueW, address_out = 0x7ffc57ab90b0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| System | Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Create | filename = C:\users\Public\sys, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| User | Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
Process #27: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #27 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:26, Reason: Child Process |
| Unmonitor | End Time: 00:02:27, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xea4 |
| Parent PID | 0x63c (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
EA8
0x
EB8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000000e0cb50000 | 0xe0cb50000 | 0xe0cb6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000e0cb50000 | 0xe0cb50000 | 0xe0cb5ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000e0cb60000 | 0xe0cb60000 | 0xe0cb66fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000e0cb70000 | 0xe0cb70000 | 0xe0cb83fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000e0cb90000 | 0xe0cb90000 | 0xe0cc0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000e0cc10000 | 0xe0cc10000 | 0xe0cc13fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000e0cc20000 | 0xe0cc20000 | 0xe0cc20fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000e0cc30000 | 0xe0cc30000 | 0xe0cc31fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xe0cc40000 | 0xe0ccfdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000e0cd00000 | 0xe0cd00000 | 0xe0cd7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000e0cd80000 | 0xe0cd80000 | 0xe0cd86fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000e0cd90000 | 0xe0cd90000 | 0xe0cd9ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xe0cda0000 | 0xe0cda2fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xe0cdb0000 | 0xe0cde1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000e0cdf0000 | 0xe0cdf0000 | 0xe0ceeffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff4c0000 | 0x7df5ff4c0000 | 0x7ff5ff4bffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719400000 | 0x7ff719400000 | 0x7ff7194fffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719500000 | 0x7ff719500000 | 0x7ff719522fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71952a000 | 0x7ff71952a000 | 0x7ff71952bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71952c000 | 0x7ff71952c000 | 0x7ff71952dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71952e000 | 0x7ff71952e000 | 0x7ff71952efff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc4d200000 | 0x7ffc4d213fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xea8
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xe0cda0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #28: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #28 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\Windows\system32\WerFault.exe -u -p 1916 -s 1160 |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:32, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdb4 |
| Parent PID | 0x77c (c:\windows\system32\taskhostw.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
248
0x
764
0x
EE0
0x
EE8
0x
790
0x
EFC
0x
F00
0x
F04
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000ee07fc0000 | 0xee07fc0000 | 0xee07fdffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ee07fc0000 | 0xee07fc0000 | 0xee07fcffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000ee07fd0000 | 0xee07fd0000 | 0xee07fd6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ee07fe0000 | 0xee07fe0000 | 0xee07ff3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ee08000000 | 0xee08000000 | 0xee0807ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ee08080000 | 0xee08080000 | 0xee08083fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ee08090000 | 0xee08090000 | 0xee08092fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ee080a0000 | 0xee080a0000 | 0xee080a1fff | Private Memory | rw |
|
|
|
- |
| private_0x000000ee080b0000 | 0xee080b0000 | 0xee080b6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000ee080c0000 | 0xee080c0000 | 0xee081bffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xee081c0000 | 0xee0827dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ee08280000 | 0xee08280000 | 0xee082fffff | Private Memory | rw |
|
|
|
- |
| werfault.exe.mui | 0xee08300000 | 0xee08303fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ee08310000 | 0xee08310000 | 0xee08310fff | Private Memory | rw |
|
|
|
- |
| private_0x000000ee08320000 | 0xee08320000 | 0xee08320fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ee08330000 | 0xee08330000 | 0xee08330fff | Pagefile Backed Memory | rw |
|
|
|
- |
| faultrep.dll.mui | 0xee08340000 | 0xee08341fff | Memory Mapped File | r |
|
|
|
- |
| wer.dll.mui | 0xee08350000 | 0xee08352fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ee08360000 | 0xee08360000 | 0xee08366fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ee08370000 | 0xee08370000 | 0xee08371fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ee08380000 | 0xee08380000 | 0xee08381fff | Pagefile Backed Memory | r |
|
|
|
- |
| werui.dll.mui | 0xee08390000 | 0xee08394fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ee083a0000 | 0xee083a0000 | 0xee083affff | Private Memory | rw |
|
|
|
- |
| ntdll.dll.mui | 0xee083b0000 | 0xee08415fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x000000ee08420000 | 0xee08420000 | 0xee08421fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ee08430000 | 0xee08430000 | 0xee08430fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ee08440000 | 0xee08440000 | 0xee08441fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ee08460000 | 0xee08460000 | 0xee0846ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ee084d0000 | 0xee084d0000 | 0xee084dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ee084e0000 | 0xee084e0000 | 0xee08667fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ee08670000 | 0xee08670000 | 0xee087f0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ee08800000 | 0xee08800000 | 0xee09bfffff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0xee09c00000 | 0xee09f36fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ee09f40000 | 0xee09f40000 | 0xee09fbffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ee09fc0000 | 0xee09fc0000 | 0xee0a0bffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ee0a0c0000 | 0xee0a0c0000 | 0xee0a1bffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ee0a1c0000 | 0xee0a1c0000 | 0xee0a2bffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0xee0a2c0000 | 0xee0a39efff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ee0a3a0000 | 0xee0a3a0000 | 0xee0a49ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ee0a4a0000 | 0xee0a4a0000 | 0xee0a51ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ee0a520000 | 0xee0a520000 | 0xee0a59ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ee0a5a0000 | 0xee0a5a0000 | 0xee0a61ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ee0a620000 | 0xee0a620000 | 0xee0a69ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff110000 | 0x7df5ff110000 | 0x7ff5ff10ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff65cdac000 | 0x7ff65cdac000 | 0x7ff65cdadfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65cdae000 | 0x7ff65cdae000 | 0x7ff65cdaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff65cdb0000 | 0x7ff65cdb0000 | 0x7ff65ceaffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff65ceb0000 | 0x7ff65ceb0000 | 0x7ff65ced2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff65ced4000 | 0x7ff65ced4000 | 0x7ff65ced5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65ced6000 | 0x7ff65ced6000 | 0x7ff65ced7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65ced8000 | 0x7ff65ced8000 | 0x7ff65ced9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65ceda000 | 0x7ff65ceda000 | 0x7ff65cedafff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65cedc000 | 0x7ff65cedc000 | 0x7ff65ceddfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65cede000 | 0x7ff65cede000 | 0x7ff65cedffff | Private Memory | rw |
|
|
|
- |
| werfault.exe | 0x7ff65dca0000 | 0x7ff65dceafff | Memory Mapped File | rwx |
|
|
|
- |
| dbgeng.dll | 0x7ffc3e170000 | 0x7ffc3e64bfff | Memory Mapped File | rwx |
|
|
|
- |
| wer.dll | 0x7ffc3ec10000 | 0x7ffc3ecadfff | Memory Mapped File | rwx |
|
|
|
- |
| dbghelp.dll | 0x7ffc3f1e0000 | 0x7ffc3f369fff | Memory Mapped File | rwx |
|
|
|
- |
| dui70.dll | 0x7ffc3ff20000 | 0x7ffc400cffff | Memory Mapped File | rwx |
|
|
|
- |
| dbgmodel.dll | 0x7ffc48e30000 | 0x7ffc48ec0fff | Memory Mapped File | rwx |
|
|
|
- |
| riched20.dll | 0x7ffc48e30000 | 0x7ffc48ecafff | Memory Mapped File | rwx |
|
|
|
- |
| secur32.dll | 0x7ffc4b6e0000 | 0x7ffc4b6ebfff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x7ffc4b890000 | 0x7ffc4b899fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x7ffc4cbd0000 | 0x7ffc4ce43fff | Memory Mapped File | rwx |
|
|
|
- |
| werui.dll | 0x7ffc4d060000 | 0x7ffc4d0d3fff | Memory Mapped File | rwx |
|
|
|
- |
| msls31.dll | 0x7ffc4d220000 | 0x7ffc4d257fff | Memory Mapped File | rwx |
|
|
|
- |
| faultrep.dll | 0x7ffc4d480000 | 0x7ffc4d4ddfff | Memory Mapped File | rwx |
|
|
|
- |
| duser.dll | 0x7ffc4f3a0000 | 0x7ffc4f438fff | Memory Mapped File | rwx |
|
|
|
- |
| xmllite.dll | 0x7ffc4fb00000 | 0x7ffc4fb35fff | Memory Mapped File | rwx |
|
|
|
- |
| dbgcore.dll | 0x7ffc50db0000 | 0x7ffc50dd4fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7ffc513c0000 | 0x7ffc513d7fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7ffc52ef0000 | 0x7ffc52f16fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x7ffc53920000 | 0x7ffc53951fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #29: net.exe
0
0
| Information | Value |
|---|---|
| ID | #29 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:34, Reason: Child Process |
| Unmonitor | End Time: 00:02:36, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe20 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E24
0x
3C0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000005015f60000 | 0x5015f60000 | 0x5015f7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005015f60000 | 0x5015f60000 | 0x5015f6ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000005015f70000 | 0x5015f70000 | 0x5015f76fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005015f80000 | 0x5015f80000 | 0x5015f93fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000005015fa0000 | 0x5015fa0000 | 0x501601ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005016020000 | 0x5016020000 | 0x5016023fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000005016030000 | 0x5016030000 | 0x5016030fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000005016040000 | 0x5016040000 | 0x5016041fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x5016050000 | 0x501610dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000005016110000 | 0x5016110000 | 0x5016116fff | Private Memory | rw |
|
|
|
- |
| private_0x0000005016130000 | 0x5016130000 | 0x501622ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000005016230000 | 0x5016230000 | 0x50162affff | Private Memory | rw |
|
|
|
- |
| private_0x00000050163c0000 | 0x50163c0000 | 0x50163cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff1b0000 | 0x7df5ff1b0000 | 0x7ff5ff1affff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff706120000 | 0x7ff706120000 | 0x7ff70621ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff706220000 | 0x7ff706220000 | 0x7ff706242fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff706248000 | 0x7ff706248000 | 0x7ff706248fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff70624c000 | 0x7ff70624c000 | 0x7ff70624dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff70624e000 | 0x7ff70624e000 | 0x7ff70624ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc513c0000 | 0x7ffc513d3fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x7ffc53810000 | 0x7ffc5382bfff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #31: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #31 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:35, Reason: Child Process |
| Unmonitor | End Time: 00:02:36, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf34 |
| Parent PID | 0xe20 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F94
0x
FF8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000001410660000 | 0x1410660000 | 0x141067ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001410660000 | 0x1410660000 | 0x141066ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000001410670000 | 0x1410670000 | 0x1410676fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001410680000 | 0x1410680000 | 0x1410693fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000014106a0000 | 0x14106a0000 | 0x141071ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001410720000 | 0x1410720000 | 0x1410723fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000001410730000 | 0x1410730000 | 0x1410730fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001410740000 | 0x1410740000 | 0x1410741fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x1410750000 | 0x141080dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000001410810000 | 0x1410810000 | 0x1410816fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x1410820000 | 0x1410822fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000001410860000 | 0x1410860000 | 0x141095ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001410960000 | 0x1410960000 | 0x14109dffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x14109e0000 | 0x1410a11fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000001410ab0000 | 0x1410ab0000 | 0x1410abffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff4a0000 | 0x7df5ff4a0000 | 0x7ff5ff49ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719d20000 | 0x7ff719d20000 | 0x7ff719e1ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719e20000 | 0x7ff719e20000 | 0x7ff719e42fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff719e44000 | 0x7ff719e44000 | 0x7ff719e44fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff719e4c000 | 0x7ff719e4c000 | 0x7ff719e4dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff719e4e000 | 0x7ff719e4e000 | 0x7ff719e4ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc513c0000 | 0x7ffc513d3fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xf94
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x1410820000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #32: net.exe
0
0
| Information | Value |
|---|---|
| ID | #32 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:36, Reason: Child Process |
| Unmonitor | End Time: 00:02:37, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x910 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A70
0x
F64
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000004f93ae0000 | 0x4f93ae0000 | 0x4f93afffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000004f93ae0000 | 0x4f93ae0000 | 0x4f93aeffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000004f93b00000 | 0x4f93b00000 | 0x4f93b13fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000004f93b20000 | 0x4f93b20000 | 0x4f93b9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000004f93ba0000 | 0x4f93ba0000 | 0x4f93ba3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000004f93bb0000 | 0x4f93bb0000 | 0x4f93bb0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000004f93bc0000 | 0x4f93bc0000 | 0x4f93bc1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000004f93bf0000 | 0x4f93bf0000 | 0x4f93ceffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x4f93cf0000 | 0x4f93dadfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ffac0000 | 0x7df5ffac0000 | 0x7ff5ffabffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705c90000 | 0x7ff705c90000 | 0x7ff705d8ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705d90000 | 0x7ff705d90000 | 0x7ff705db2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff705db7000 | 0x7ff705db7000 | 0x7ff705db7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff705dbe000 | 0x7ff705dbe000 | 0x7ff705dbffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #34: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #34 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:36, Reason: Child Process |
| Unmonitor | End Time: 00:02:37, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfa0 |
| Parent PID | 0x910 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FA4
0x
EBC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000584caf0000 | 0x584caf0000 | 0x584cb0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000584caf0000 | 0x584caf0000 | 0x584cafffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000584cb00000 | 0x584cb00000 | 0x584cb06fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000584cb10000 | 0x584cb10000 | 0x584cb23fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000584cb30000 | 0x584cb30000 | 0x584cbaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000584cbb0000 | 0x584cbb0000 | 0x584cbb3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000584cbc0000 | 0x584cbc0000 | 0x584cbc0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000584cbd0000 | 0x584cbd0000 | 0x584cbd1fff | Private Memory | rw |
|
|
|
- |
| private_0x000000584cbe0000 | 0x584cbe0000 | 0x584cbe6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x584cbf0000 | 0x584cbf2fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000584cc20000 | 0x584cc20000 | 0x584cd1ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x584cd20000 | 0x584cdddfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000584cde0000 | 0x584cde0000 | 0x584ce5ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x584ce60000 | 0x584ce91fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000584cf20000 | 0x584cf20000 | 0x584cf2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffba0000 | 0x7df5ffba0000 | 0x7ff5ffb9ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719b20000 | 0x7ff719b20000 | 0x7ff719c1ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719c20000 | 0x7ff719c20000 | 0x7ff719c42fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff719c4b000 | 0x7ff719c4b000 | 0x7ff719c4cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff719c4d000 | 0x7ff719c4d000 | 0x7ff719c4efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff719c4f000 | 0x7ff719c4f000 | 0x7ff719c4ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc4d040000 | 0x7ffc4d053fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xfa4
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x584cbf0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #35: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #35 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\Windows\system32\WerFault.exe -u -p 2040 -s 892 |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:44, Reason: Child Process |
| Unmonitor | End Time: 00:02:48, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb80 |
| Parent PID | 0x7f8 (c:\windows\system32\runtimebroker.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
518
0x
384
0x
728
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000000100000000 | 0x100000000 | 0x10001ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000100000000 | 0x100000000 | 0x10000ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000100010000 | 0x100010000 | 0x100016fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000100020000 | 0x100020000 | 0x100033fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000100040000 | 0x100040000 | 0x1000bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000001000c0000 | 0x1000c0000 | 0x1000c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000001000d0000 | 0x1000d0000 | 0x1000d2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000001000e0000 | 0x1000e0000 | 0x1000e1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x1000f0000 | 0x1001adfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000001001b0000 | 0x1001b0000 | 0x10022ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000100230000 | 0x100230000 | 0x100236fff | Private Memory | rw |
|
|
|
- |
| werfault.exe.mui | 0x100240000 | 0x100243fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000100250000 | 0x100250000 | 0x100250fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000100260000 | 0x100260000 | 0x100260fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000100270000 | 0x100270000 | 0x100270fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000100280000 | 0x100280000 | 0x100280fff | Private Memory | rw |
|
|
|
- |
| faultrep.dll.mui | 0x100290000 | 0x100291fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000001002a0000 | 0x1002a0000 | 0x1002affff | Private Memory | rw |
|
|
|
- |
| private_0x00000001002b0000 | 0x1002b0000 | 0x1003affff | Private Memory | rw |
|
|
|
- |
| ntdll.dll.mui | 0x1003b0000 | 0x100415fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000100490000 | 0x100490000 | 0x10049ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000001004a0000 | 0x1004a0000 | 0x100627fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000100630000 | 0x100630000 | 0x1007b0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000001007c0000 | 0x1007c0000 | 0x101bbffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000101c40000 | 0x101c40000 | 0x101d3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000101d60000 | 0x101d60000 | 0x101d6ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x101d70000 | 0x1020a6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff470000 | 0x7df5ff470000 | 0x7ff5ff46ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff65d9c0000 | 0x7ff65d9c0000 | 0x7ff65dabffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff65dac0000 | 0x7ff65dac0000 | 0x7ff65dae2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff65daea000 | 0x7ff65daea000 | 0x7ff65daebfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65daec000 | 0x7ff65daec000 | 0x7ff65daecfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65daee000 | 0x7ff65daee000 | 0x7ff65daeffff | Private Memory | rw |
|
|
|
- |
| werfault.exe | 0x7ff65dca0000 | 0x7ff65dceafff | Memory Mapped File | rwx |
|
|
|
- |
| dbgeng.dll | 0x7ffc3e170000 | 0x7ffc3e64bfff | Memory Mapped File | rwx |
|
|
|
- |
| wer.dll | 0x7ffc3ec10000 | 0x7ffc3ecadfff | Memory Mapped File | rwx |
|
|
|
- |
| dbghelp.dll | 0x7ffc3f1e0000 | 0x7ffc3f369fff | Memory Mapped File | rwx |
|
|
|
- |
| dbgmodel.dll | 0x7ffc48e30000 | 0x7ffc48ec0fff | Memory Mapped File | rwx |
|
|
|
- |
| faultrep.dll | 0x7ffc4d480000 | 0x7ffc4d4ddfff | Memory Mapped File | rwx |
|
|
|
- |
| xmllite.dll | 0x7ffc4fb00000 | 0x7ffc4fb35fff | Memory Mapped File | rwx |
|
|
|
- |
| dbgcore.dll | 0x7ffc50db0000 | 0x7ffc50dd4fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7ffc52ef0000 | 0x7ffc52f16fff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #36: net.exe
0
0
| Information | Value |
|---|---|
| ID | #36 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:45, Reason: Child Process |
| Unmonitor | End Time: 00:02:49, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8a8 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4D0
0x
858
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000028ae810000 | 0x28ae810000 | 0x28ae82ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000028ae810000 | 0x28ae810000 | 0x28ae81ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000028ae830000 | 0x28ae830000 | 0x28ae843fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000028ae850000 | 0x28ae850000 | 0x28ae8cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000028ae8d0000 | 0x28ae8d0000 | 0x28ae8d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000028ae8e0000 | 0x28ae8e0000 | 0x28ae8e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000028ae8f0000 | 0x28ae8f0000 | 0x28ae8f1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000028ae9a0000 | 0x28ae9a0000 | 0x28aea9ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x28aeaa0000 | 0x28aeb5dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff340000 | 0x7df5ff340000 | 0x7ff5ff33ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7056a0000 | 0x7ff7056a0000 | 0x7ff70579ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7057a0000 | 0x7ff7057a0000 | 0x7ff7057c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7057c9000 | 0x7ff7057c9000 | 0x7ff7057c9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7057ce000 | 0x7ff7057ce000 | 0x7ff7057cffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #38: runtimebroker.exe
0
0
| Information | Value |
|---|---|
| ID | #38 |
| File Name | c:\windows\system32\runtimebroker.exe |
| Command Line | C:\Windows\System32\RuntimeBroker.exe -Embedding |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:46, Reason: Child Process |
| Unmonitor | End Time: 00:02:47, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x490 |
| Parent PID | 0x7f8 (c:\windows\system32\runtimebroker.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs | - |
Process #39: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #39 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:46, Reason: Child Process |
| Unmonitor | End Time: 00:02:49, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xee0 |
| Parent PID | 0x8a8 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F04
0x
7B4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000005c1d590000 | 0x5c1d590000 | 0x5c1d5affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005c1d590000 | 0x5c1d590000 | 0x5c1d59ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000005c1d5a0000 | 0x5c1d5a0000 | 0x5c1d5a6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005c1d5b0000 | 0x5c1d5b0000 | 0x5c1d5c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000005c1d5d0000 | 0x5c1d5d0000 | 0x5c1d64ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005c1d650000 | 0x5c1d650000 | 0x5c1d653fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000005c1d660000 | 0x5c1d660000 | 0x5c1d660fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000005c1d670000 | 0x5c1d670000 | 0x5c1d671fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x5c1d680000 | 0x5c1d73dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000005c1d740000 | 0x5c1d740000 | 0x5c1d7bffff | Private Memory | rw |
|
|
|
- |
| private_0x0000005c1d7c0000 | 0x5c1d7c0000 | 0x5c1d7c6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x5c1d7d0000 | 0x5c1d7d2fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x5c1d7e0000 | 0x5c1d811fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000005c1d850000 | 0x5c1d850000 | 0x5c1d94ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000005c1dad0000 | 0x5c1dad0000 | 0x5c1dadffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff880000 | 0x7df5ff880000 | 0x7ff5ff87ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7193d0000 | 0x7ff7193d0000 | 0x7ff7194cffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7194d0000 | 0x7ff7194d0000 | 0x7ff7194f2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7194fb000 | 0x7ff7194fb000 | 0x7ff7194fcfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7194fd000 | 0x7ff7194fd000 | 0x7ff7194fdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7194fe000 | 0x7ff7194fe000 | 0x7ff7194fffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc4d000000 | 0x7ffc4d013fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xf04
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x5c1d7d0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #40: net.exe
0
0
| Information | Value |
|---|---|
| ID | #40 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:46, Reason: Child Process |
| Unmonitor | End Time: 00:02:50, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf00 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
EFC
0x
F94
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000e702050000 | 0xe702050000 | 0xe70206ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e702050000 | 0xe702050000 | 0xe70205ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000e702070000 | 0xe702070000 | 0xe702083fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e702090000 | 0xe702090000 | 0xe70210ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e702110000 | 0xe702110000 | 0xe702113fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000e702120000 | 0xe702120000 | 0xe702120fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e702130000 | 0xe702130000 | 0xe702131fff | Private Memory | rw |
|
|
|
- |
| private_0x000000e7021b0000 | 0xe7021b0000 | 0xe7022affff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xe7022b0000 | 0xe70236dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff670000 | 0x7df5ff670000 | 0x7ff5ff66ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705830000 | 0x7ff705830000 | 0x7ff70592ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705930000 | 0x7ff705930000 | 0x7ff705952fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff705955000 | 0x7ff705955000 | 0x7ff705955fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff70595e000 | 0x7ff70595e000 | 0x7ff70595ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #42: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #42 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:49, Reason: Child Process |
| Unmonitor | End Time: 00:02:50, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xff8 |
| Parent PID | 0xf00 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E24
0x
D84
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000ae20010000 | 0xae20010000 | 0xae2002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ae20010000 | 0xae20010000 | 0xae2001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000ae20020000 | 0xae20020000 | 0xae20026fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ae20030000 | 0xae20030000 | 0xae20043fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ae20050000 | 0xae20050000 | 0xae200cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ae200d0000 | 0xae200d0000 | 0xae200d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ae200e0000 | 0xae200e0000 | 0xae200e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ae200f0000 | 0xae200f0000 | 0xae200f1fff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae20100000 | 0xae20100000 | 0xae2017ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ae20180000 | 0xae20180000 | 0xae20186fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xae20190000 | 0xae20192fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000ae201a0000 | 0xae201a0000 | 0xae2029ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xae202a0000 | 0xae2035dfff | Memory Mapped File | r |
|
|
|
- |
| netmsg.dll.mui | 0xae20360000 | 0xae20391fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ae204a0000 | 0xae204a0000 | 0xae204affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff200000 | 0x7df5ff200000 | 0x7ff5ff1fffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff71a090000 | 0x7ff71a090000 | 0x7ff71a18ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff71a190000 | 0x7ff71a190000 | 0x7ff71a1b2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71a1bb000 | 0x7ff71a1bb000 | 0x7ff71a1bcfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a1bd000 | 0x7ff71a1bd000 | 0x7ff71a1bdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a1be000 | 0x7ff71a1be000 | 0x7ff71a1bffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc4d000000 | 0x7ffc4d013fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0xe24
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xae20190000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #43: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #43 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\Windows\system32\WerFault.exe -u -p 3976 -s 900 |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:55, Reason: Child Process |
| Unmonitor | End Time: 00:05:22, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:27 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1130 |
| Parent PID | 0xf88 (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
1134
0x
1140
0x
118C
0x
1304
0x
1314
0x
1318
0x
1080
0x
1154
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000083b9e60000 | 0x83b9e60000 | 0x83b9e7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000083b9e60000 | 0x83b9e60000 | 0x83b9e6ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000083b9e70000 | 0x83b9e70000 | 0x83b9e76fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000083b9e80000 | 0x83b9e80000 | 0x83b9e93fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000083b9ea0000 | 0x83b9ea0000 | 0x83b9f1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000083b9f20000 | 0x83b9f20000 | 0x83b9f23fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000083b9f30000 | 0x83b9f30000 | 0x83b9f32fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000083b9f40000 | 0x83b9f40000 | 0x83b9f41fff | Private Memory | rw |
|
|
|
- |
| private_0x00000083b9f50000 | 0x83b9f50000 | 0x83b9fcffff | Private Memory | rw |
|
|
|
- |
| private_0x00000083b9fd0000 | 0x83b9fd0000 | 0x83b9fd6fff | Private Memory | rw |
|
|
|
- |
| werfault.exe.mui | 0x83b9fe0000 | 0x83b9fe3fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000083b9ff0000 | 0x83b9ff0000 | 0x83ba0effff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x83ba0f0000 | 0x83ba1adfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000083ba1b0000 | 0x83ba1b0000 | 0x83ba1b0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000083ba1c0000 | 0x83ba1c0000 | 0x83ba1c0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000083ba1d0000 | 0x83ba1d0000 | 0x83ba1d0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000083ba1e0000 | 0x83ba1e0000 | 0x83ba1e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000083ba1f0000 | 0x83ba1f0000 | 0x83ba1fffff | Private Memory | rw |
|
|
|
- |
| ntdll.dll.mui | 0x83ba200000 | 0x83ba265fff | Memory Mapped File | r |
|
|
|
- |
| faultrep.dll.mui | 0x83ba270000 | 0x83ba271fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000083ba280000 | 0x83ba280000 | 0x83ba280fff | Private Memory | rw |
|
|
|
- |
| wer.dll.mui | 0x83ba290000 | 0x83ba292fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000083ba2a0000 | 0x83ba2a0000 | 0x83ba2a6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000083ba2b0000 | 0x83ba2b0000 | 0x83ba2b1fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000083ba2c0000 | 0x83ba2c0000 | 0x83ba2c1fff | Pagefile Backed Memory | r |
|
|
|
- |
| werui.dll.mui | 0x83ba2d0000 | 0x83ba2d4fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000083ba2e0000 | 0x83ba2e0000 | 0x83ba2e1fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000083ba2f0000 | 0x83ba2f0000 | 0x83ba2f0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000083ba300000 | 0x83ba300000 | 0x83ba301fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000083ba330000 | 0x83ba330000 | 0x83ba33ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000083ba340000 | 0x83ba340000 | 0x83ba4c7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000083ba4d0000 | 0x83ba4d0000 | 0x83ba650fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000083ba660000 | 0x83ba660000 | 0x83bba5ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000083bba60000 | 0x83bba60000 | 0x83bbb5ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000083bbbb0000 | 0x83bbbb0000 | 0x83bbbbffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x83bbbc0000 | 0x83bbef6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000083bbf00000 | 0x83bbf00000 | 0x83bbffffff | Private Memory | rw |
|
|
|
- |
| private_0x00000083bc000000 | 0x83bc000000 | 0x83bc0fffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x83bc100000 | 0x83bc1defff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000083bc1e0000 | 0x83bc1e0000 | 0x83bc2dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000083bc2e0000 | 0x83bc2e0000 | 0x83bc35ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000083bc360000 | 0x83bc360000 | 0x83bc3dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000083bc3e0000 | 0x83bc3e0000 | 0x83bc45ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000083bc460000 | 0x83bc460000 | 0x83bc4dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000083bc4e0000 | 0x83bc4e0000 | 0x83bc55ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff970000 | 0x7df5ff970000 | 0x7ff5ff96ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff65d4ac000 | 0x7ff65d4ac000 | 0x7ff65d4adfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d4ae000 | 0x7ff65d4ae000 | 0x7ff65d4affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff65d4b0000 | 0x7ff65d4b0000 | 0x7ff65d5affff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff65d5b0000 | 0x7ff65d5b0000 | 0x7ff65d5d2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff65d5d4000 | 0x7ff65d5d4000 | 0x7ff65d5d5fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d5d6000 | 0x7ff65d5d6000 | 0x7ff65d5d7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d5d8000 | 0x7ff65d5d8000 | 0x7ff65d5d8fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d5da000 | 0x7ff65d5da000 | 0x7ff65d5dbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d5dc000 | 0x7ff65d5dc000 | 0x7ff65d5ddfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d5de000 | 0x7ff65d5de000 | 0x7ff65d5dffff | Private Memory | rw |
|
|
|
- |
| werfault.exe | 0x7ff65dca0000 | 0x7ff65dceafff | Memory Mapped File | rwx |
|
|
|
- |
| dbgeng.dll | 0x7ffc3e170000 | 0x7ffc3e64bfff | Memory Mapped File | rwx |
|
|
|
- |
| wer.dll | 0x7ffc3ec10000 | 0x7ffc3ecadfff | Memory Mapped File | rwx |
|
|
|
- |
| dbghelp.dll | 0x7ffc3f1e0000 | 0x7ffc3f369fff | Memory Mapped File | rwx |
|
|
|
- |
| dui70.dll | 0x7ffc3ff20000 | 0x7ffc400cffff | Memory Mapped File | rwx |
|
|
|
- |
| dbgmodel.dll | 0x7ffc48e30000 | 0x7ffc48ec0fff | Memory Mapped File | rwx |
|
|
|
- |
| riched20.dll | 0x7ffc48f50000 | 0x7ffc48feafff | Memory Mapped File | rwx |
|
|
|
- |
| secur32.dll | 0x7ffc4b6e0000 | 0x7ffc4b6ebfff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x7ffc4b890000 | 0x7ffc4b899fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x7ffc4cbd0000 | 0x7ffc4ce43fff | Memory Mapped File | rwx |
|
|
|
- |
| werui.dll | 0x7ffc4d060000 | 0x7ffc4d0d3fff | Memory Mapped File | rwx |
|
|
|
- |
| msls31.dll | 0x7ffc4d3d0000 | 0x7ffc4d407fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7ffc4d410000 | 0x7ffc4d427fff | Memory Mapped File | rwx |
|
|
|
- |
| faultrep.dll | 0x7ffc4d480000 | 0x7ffc4d4ddfff | Memory Mapped File | rwx |
|
|
|
- |
| duser.dll | 0x7ffc4f3a0000 | 0x7ffc4f438fff | Memory Mapped File | rwx |
|
|
|
- |
| xmllite.dll | 0x7ffc4fb00000 | 0x7ffc4fb35fff | Memory Mapped File | rwx |
|
|
|
- |
| dbgcore.dll | 0x7ffc50db0000 | 0x7ffc50dd4fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7ffc52ef0000 | 0x7ffc52f16fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x7ffc53920000 | 0x7ffc53951fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #44: net.exe
0
0
| Information | Value |
|---|---|
| ID | #44 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:56, Reason: Child Process |
| Unmonitor | End Time: 00:02:59, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1170 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1174
0x
1214
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000d049aa0000 | 0xd049aa0000 | 0xd049abffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000d049aa0000 | 0xd049aa0000 | 0xd049aaffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000d049ac0000 | 0xd049ac0000 | 0xd049ad3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000d049ae0000 | 0xd049ae0000 | 0xd049b5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000d049b60000 | 0xd049b60000 | 0xd049b63fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000d049b70000 | 0xd049b70000 | 0xd049b70fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000d049b80000 | 0xd049b80000 | 0xd049b81fff | Private Memory | rw |
|
|
|
- |
| private_0x000000d049bf0000 | 0xd049bf0000 | 0xd049ceffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xd049cf0000 | 0xd049dadfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff610000 | 0x7df5ff610000 | 0x7ff5ff60ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7056c0000 | 0x7ff7056c0000 | 0x7ff7057bffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7057c0000 | 0x7ff7057c0000 | 0x7ff7057e2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7057ed000 | 0x7ff7057ed000 | 0x7ff7057eefff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7057ef000 | 0x7ff7057ef000 | 0x7ff7057effff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #46: svchost.exe
0
0
| Information | Value |
|---|---|
| ID | #46 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | C:\Windows\system32\svchost.exe -k UnistackSvcGroup |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:57, Reason: Child Process |
| Unmonitor | End Time: 00:05:22, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:25 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1188 |
| Parent PID | 0xf88 (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs | - |
Process #47: net.exe
0
0
| Information | Value |
|---|---|
| ID | #47 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:57, Reason: Child Process |
| Unmonitor | End Time: 00:03:00, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1260 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1264
0x
1310
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000066de8a0000 | 0x66de8a0000 | 0x66de8bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000066de8a0000 | 0x66de8a0000 | 0x66de8affff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000066de8c0000 | 0x66de8c0000 | 0x66de8d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000066de8e0000 | 0x66de8e0000 | 0x66de95ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000066de960000 | 0x66de960000 | 0x66de963fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000066de970000 | 0x66de970000 | 0x66de970fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000066de980000 | 0x66de980000 | 0x66de981fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x66de990000 | 0x66dea4dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000066dea90000 | 0x66dea90000 | 0x66deb8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffdc0000 | 0x7df5ffdc0000 | 0x7ff5ffdbffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff706200000 | 0x7ff706200000 | 0x7ff7062fffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff706300000 | 0x7ff706300000 | 0x7ff706322fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff70632d000 | 0x7ff70632d000 | 0x7ff70632efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff70632f000 | 0x7ff70632f000 | 0x7ff70632ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #48: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #48 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:57, Reason: Child Process |
| Unmonitor | End Time: 00:02:59, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1268 |
| Parent PID | 0x1170 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
126C
0x
12EC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000f4112c0000 | 0xf4112c0000 | 0xf4112dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000f4112c0000 | 0xf4112c0000 | 0xf4112cffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000f4112d0000 | 0xf4112d0000 | 0xf4112d6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000f4112e0000 | 0xf4112e0000 | 0xf4112f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000f411300000 | 0xf411300000 | 0xf41137ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000f411380000 | 0xf411380000 | 0xf411383fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000f411390000 | 0xf411390000 | 0xf411390fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000f4113a0000 | 0xf4113a0000 | 0xf4113a1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xf4113b0000 | 0xf41146dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000f411470000 | 0xf411470000 | 0xf4114effff | Private Memory | rw |
|
|
|
- |
| private_0x000000f4114f0000 | 0xf4114f0000 | 0xf4114f6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xf411500000 | 0xf411502fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xf411510000 | 0xf411541fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000f411560000 | 0xf411560000 | 0xf41165ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000f411850000 | 0xf411850000 | 0xf41185ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff670000 | 0x7df5ff670000 | 0x7ff5ff66ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719840000 | 0x7ff719840000 | 0x7ff71993ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719940000 | 0x7ff719940000 | 0x7ff719962fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff719965000 | 0x7ff719965000 | 0x7ff719965fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71996c000 | 0x7ff71996c000 | 0x7ff71996dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71996e000 | 0x7ff71996e000 | 0x7ff71996ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc4d210000 | 0x7ffc4d223fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x126c
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xf411500000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #50: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #50 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:59, Reason: Child Process |
| Unmonitor | End Time: 00:03:00, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x134c |
| Parent PID | 0x1260 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1350
0x
13A4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000006cde4f0000 | 0x6cde4f0000 | 0x6cde50ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006cde4f0000 | 0x6cde4f0000 | 0x6cde4fffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000006cde500000 | 0x6cde500000 | 0x6cde506fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006cde510000 | 0x6cde510000 | 0x6cde523fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000006cde530000 | 0x6cde530000 | 0x6cde5affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006cde5b0000 | 0x6cde5b0000 | 0x6cde5b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000006cde5c0000 | 0x6cde5c0000 | 0x6cde5c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000006cde5d0000 | 0x6cde5d0000 | 0x6cde5d1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000006cde5e0000 | 0x6cde5e0000 | 0x6cde5e6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x6cde5f0000 | 0x6cde5f2fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000006cde600000 | 0x6cde600000 | 0x6cde6fffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x6cde700000 | 0x6cde7bdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000006cde7c0000 | 0x6cde7c0000 | 0x6cde83ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x6cde840000 | 0x6cde871fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000006cde9e0000 | 0x6cde9e0000 | 0x6cde9effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff1c0000 | 0x7df5ff1c0000 | 0x7ff5ff1bffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7198a0000 | 0x7ff7198a0000 | 0x7ff71999ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7199a0000 | 0x7ff7199a0000 | 0x7ff7199c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7199ca000 | 0x7ff7199ca000 | 0x7ff7199cbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7199cc000 | 0x7ff7199cc000 | 0x7ff7199ccfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7199ce000 | 0x7ff7199ce000 | 0x7ff7199cffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc4d210000 | 0x7ffc4d223fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x1350
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x6cde5f0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #51: net.exe
0
0
| Information | Value |
|---|---|
| ID | #51 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:07, Reason: Child Process |
| Unmonitor | End Time: 00:03:11, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1528 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
152C
0x
165C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000c8f0ce0000 | 0xc8f0ce0000 | 0xc8f0cfffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c8f0ce0000 | 0xc8f0ce0000 | 0xc8f0ceffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000c8f0d00000 | 0xc8f0d00000 | 0xc8f0d13fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000c8f0d20000 | 0xc8f0d20000 | 0xc8f0d9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c8f0da0000 | 0xc8f0da0000 | 0xc8f0da3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000c8f0db0000 | 0xc8f0db0000 | 0xc8f0db0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000c8f0dc0000 | 0xc8f0dc0000 | 0xc8f0dc1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xc8f0dd0000 | 0xc8f0e8dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000c8f0ec0000 | 0xc8f0ec0000 | 0xc8f0fbffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff300000 | 0x7df5ff300000 | 0x7ff5ff2fffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705e50000 | 0x7ff705e50000 | 0x7ff705f4ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705f50000 | 0x7ff705f50000 | 0x7ff705f72fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff705f7b000 | 0x7ff705f7b000 | 0x7ff705f7bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff705f7e000 | 0x7ff705f7e000 | 0x7ff705f7ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #53: net.exe
0
0
| Information | Value |
|---|---|
| ID | #53 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:08, Reason: Child Process |
| Unmonitor | End Time: 00:03:12, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1670 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1674
0x
1754
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000039b1430000 | 0x39b1430000 | 0x39b144ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000039b1430000 | 0x39b1430000 | 0x39b143ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000039b1450000 | 0x39b1450000 | 0x39b1463fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000039b1470000 | 0x39b1470000 | 0x39b14effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000039b14f0000 | 0x39b14f0000 | 0x39b14f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000039b1500000 | 0x39b1500000 | 0x39b1500fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000039b1510000 | 0x39b1510000 | 0x39b1511fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x39b1520000 | 0x39b15ddfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000039b1660000 | 0x39b1660000 | 0x39b175ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff770000 | 0x7df5ff770000 | 0x7ff5ff76ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705b70000 | 0x7ff705b70000 | 0x7ff705c6ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705c70000 | 0x7ff705c70000 | 0x7ff705c92fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff705c9d000 | 0x7ff705c9d000 | 0x7ff705c9efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff705c9f000 | 0x7ff705c9f000 | 0x7ff705c9ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #54: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #54 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:08, Reason: Child Process |
| Unmonitor | End Time: 00:03:10, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1698 |
| Parent PID | 0x1528 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
169C
0x
16FC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000098ba5e0000 | 0x98ba5e0000 | 0x98ba5fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000098ba5e0000 | 0x98ba5e0000 | 0x98ba5effff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000098ba5f0000 | 0x98ba5f0000 | 0x98ba5f6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000098ba600000 | 0x98ba600000 | 0x98ba613fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000098ba620000 | 0x98ba620000 | 0x98ba69ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000098ba6a0000 | 0x98ba6a0000 | 0x98ba6a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000098ba6b0000 | 0x98ba6b0000 | 0x98ba6b0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000098ba6c0000 | 0x98ba6c0000 | 0x98ba6c1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000098ba6d0000 | 0x98ba6d0000 | 0x98ba74ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000098ba750000 | 0x98ba750000 | 0x98ba756fff | Private Memory | rw |
|
|
|
- |
| private_0x00000098ba760000 | 0x98ba760000 | 0x98ba85ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x98ba860000 | 0x98ba91dfff | Memory Mapped File | r |
|
|
|
- |
| netmsg.dll | 0x98ba920000 | 0x98ba922fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x98ba930000 | 0x98ba961fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000098bab10000 | 0x98bab10000 | 0x98bab1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff5d0000 | 0x7df5ff5d0000 | 0x7ff5ff5cffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719870000 | 0x7ff719870000 | 0x7ff71996ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719970000 | 0x7ff719970000 | 0x7ff719992fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71999b000 | 0x7ff71999b000 | 0x7ff71999bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71999c000 | 0x7ff71999c000 | 0x7ff71999dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71999e000 | 0x7ff71999e000 | 0x7ff71999ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x169c
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x98ba920000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #56: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #56 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:10, Reason: Child Process |
| Unmonitor | End Time: 00:03:12, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x176c |
| Parent PID | 0x1670 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1770
0x
17CC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000e7b87b0000 | 0xe7b87b0000 | 0xe7b87cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e7b87b0000 | 0xe7b87b0000 | 0xe7b87bffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000e7b87c0000 | 0xe7b87c0000 | 0xe7b87c6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e7b87d0000 | 0xe7b87d0000 | 0xe7b87e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e7b87f0000 | 0xe7b87f0000 | 0xe7b886ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e7b8870000 | 0xe7b8870000 | 0xe7b8873fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000e7b8880000 | 0xe7b8880000 | 0xe7b8880fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e7b8890000 | 0xe7b8890000 | 0xe7b8891fff | Private Memory | rw |
|
|
|
- |
| private_0x000000e7b88a0000 | 0xe7b88a0000 | 0xe7b891ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000e7b8920000 | 0xe7b8920000 | 0xe7b8926fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xe7b8930000 | 0xe7b8932fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000e7b8950000 | 0xe7b8950000 | 0xe7b8a4ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xe7b8a50000 | 0xe7b8b0dfff | Memory Mapped File | r |
|
|
|
- |
| netmsg.dll.mui | 0xe7b8b10000 | 0xe7b8b41fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000e7b8c20000 | 0xe7b8c20000 | 0xe7b8c2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffec0000 | 0x7df5ffec0000 | 0x7ff5ffebffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719670000 | 0x7ff719670000 | 0x7ff71976ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719770000 | 0x7ff719770000 | 0x7ff719792fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71979b000 | 0x7ff71979b000 | 0x7ff71979cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71979d000 | 0x7ff71979d000 | 0x7ff71979efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71979f000 | 0x7ff71979f000 | 0x7ff71979ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x1770
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xe7b8930000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #57: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #57 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\Windows\system32\WerFault.exe -u -p 2532 -s 1012 |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:12, Reason: Child Process |
| Unmonitor | End Time: 00:03:26, Reason: Self Terminated |
| Monitor Duration | 00:00:14 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x17f0 |
| Parent PID | 0x9e4 (c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
17F4
0x
17F8
0x
1534
0x
1558
0x
420
0x
1660
0x
193C
0x
1B0C
0x
1DB8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000031af9a0000 | 0x31af9a0000 | 0x31af9bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000031af9a0000 | 0x31af9a0000 | 0x31af9affff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000031af9b0000 | 0x31af9b0000 | 0x31af9b6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000031af9c0000 | 0x31af9c0000 | 0x31af9d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000031af9e0000 | 0x31af9e0000 | 0x31afa5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000031afa60000 | 0x31afa60000 | 0x31afa63fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000031afa70000 | 0x31afa70000 | 0x31afa72fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000031afa80000 | 0x31afa80000 | 0x31afa81fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x31afa90000 | 0x31afb4dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000031afb50000 | 0x31afb50000 | 0x31afb56fff | Private Memory | rw |
|
|
|
- |
| private_0x00000031afb60000 | 0x31afb60000 | 0x31afc5ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000031afc60000 | 0x31afc60000 | 0x31afcdffff | Private Memory | rw |
|
|
|
- |
| werfault.exe.mui | 0x31afce0000 | 0x31afce3fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000031afcf0000 | 0x31afcf0000 | 0x31afcf0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000031afd00000 | 0x31afd00000 | 0x31afd00fff | Private Memory | rw |
|
|
|
- |
| private_0x00000031afd10000 | 0x31afd10000 | 0x31afd1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000031afd20000 | 0x31afd20000 | 0x31afd20fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000031afd30000 | 0x31afd30000 | 0x31afd30fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000031afd40000 | 0x31afd40000 | 0x31afd40fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000031afd50000 | 0x31afd50000 | 0x31afd5ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000031afd60000 | 0x31afd60000 | 0x31afddffff | Private Memory | rw |
|
|
|
- |
| private_0x00000031afde0000 | 0x31afde0000 | 0x31afe5ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000031afe60000 | 0x31afe60000 | 0x31afedffff | Private Memory | rw |
|
|
|
- |
| private_0x00000031afee0000 | 0x31afee0000 | 0x31afeeffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000031afef0000 | 0x31afef0000 | 0x31b0077fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000031b0080000 | 0x31b0080000 | 0x31b0200fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000031b0210000 | 0x31b0210000 | 0x31b160ffff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x31b1610000 | 0x31b1946fff | Memory Mapped File | r |
|
|
|
- |
| ntdll.dll.mui | 0x31b1950000 | 0x31b19b5fff | Memory Mapped File | r |
|
|
|
- |
| faultrep.dll.mui | 0x31b19c0000 | 0x31b19c1fff | Memory Mapped File | r |
|
|
|
- |
| wer.dll.mui | 0x31b19d0000 | 0x31b19d2fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000031b19e0000 | 0x31b19e0000 | 0x31b19e6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000031b19f0000 | 0x31b19f0000 | 0x31b19f1fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000031b1a00000 | 0x31b1a00000 | 0x31b1a01fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000031b1a10000 | 0x31b1a10000 | 0x31b1a10fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000031b1a20000 | 0x31b1a20000 | 0x31b1a21fff | Pagefile Backed Memory | r |
|
|
|
- |
| winnlsres.dll | 0x31b1a30000 | 0x31b1a34fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000031b1a40000 | 0x31b1a40000 | 0x31b1b3ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000031b1b40000 | 0x31b1b40000 | 0x31b1c3ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000031b1c40000 | 0x31b1c40000 | 0x31b1d3ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000031b1d40000 | 0x31b1d40000 | 0x31b1f3ffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x31b1f40000 | 0x31b201efff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000031b2020000 | 0x31b2020000 | 0x31b211ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000031b2120000 | 0x31b2120000 | 0x31b219ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000031b21a0000 | 0x31b21a0000 | 0x31b21c9fff | Pagefile Backed Memory | rw |
|
|
|
- |
| winnlsres.dll.mui | 0x31b21d0000 | 0x31b21dffff | Memory Mapped File | r |
|
|
|
- |
| mswsock.dll.mui | 0x31b21e0000 | 0x31b21e2fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000031b21f0000 | 0x31b21f0000 | 0x31b21f1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| crypt32.dll.mui | 0x31b2200000 | 0x31b2209fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000031b2210000 | 0x31b2210000 | 0x31b228ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffa10000 | 0x7df5ffa10000 | 0x7ff5ffa0ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00007ff65d82c000 | 0x7ff65d82c000 | 0x7ff65d82dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d82e000 | 0x7ff65d82e000 | 0x7ff65d82ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007ff65d830000 | 0x7ff65d830000 | 0x7ff65d92ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff65d930000 | 0x7ff65d930000 | 0x7ff65d952fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff65d954000 | 0x7ff65d954000 | 0x7ff65d955fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d956000 | 0x7ff65d956000 | 0x7ff65d956fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d958000 | 0x7ff65d958000 | 0x7ff65d959fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d95a000 | 0x7ff65d95a000 | 0x7ff65d95bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d95c000 | 0x7ff65d95c000 | 0x7ff65d95dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff65d95e000 | 0x7ff65d95e000 | 0x7ff65d95ffff | Private Memory | rw |
|
|
|
- |
| werfault.exe | 0x7ff65dca0000 | 0x7ff65dceafff | Memory Mapped File | rwx |
|
|
|
- |
| wer.dll | 0x7ffc3ec10000 | 0x7ffc3ecadfff | Memory Mapped File | rwx |
|
|
|
- |
| dbghelp.dll | 0x7ffc3f1e0000 | 0x7ffc3f369fff | Memory Mapped File | rwx |
|
|
|
- |
| dui70.dll | 0x7ffc3ff20000 | 0x7ffc400cffff | Memory Mapped File | rwx |
|
|
|
- |
| mskeyprotect.dll | 0x7ffc42390000 | 0x7ffc423a3fff | Memory Mapped File | rwx |
|
|
|
- |
| ncryptsslp.dll | 0x7ffc42440000 | 0x7ffc4245efff | Memory Mapped File | rwx |
|
|
|
- |
| dbgeng.dll | 0x7ffc45d30000 | 0x7ffc4620bfff | Memory Mapped File | rwx |
|
|
|
- |
| actxprxy.dll | 0x7ffc48ff0000 | 0x7ffc49459fff | Memory Mapped File | rwx |
|
|
|
- |
| webio.dll | 0x7ffc4a100000 | 0x7ffc4a17ffff | Memory Mapped File | rwx |
|
|
|
- |
| npmproxy.dll | 0x7ffc4b090000 | 0x7ffc4b09dfff | Memory Mapped File | rwx |
|
|
|
- |
| secur32.dll | 0x7ffc4b6e0000 | 0x7ffc4b6ebfff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x7ffc4b890000 | 0x7ffc4b899fff | Memory Mapped File | rwx |
|
|
|
- |
| ondemandconnroutehelper.dll | 0x7ffc4b8c0000 | 0x7ffc4b8d4fff | Memory Mapped File | rwx |
|
|
|
- |
| netprofm.dll | 0x7ffc4c220000 | 0x7ffc4c25efff | Memory Mapped File | rwx |
|
|
|
- |
| rasadhlp.dll | 0x7ffc4c270000 | 0x7ffc4c279fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x7ffc4cbd0000 | 0x7ffc4ce43fff | Memory Mapped File | rwx |
|
|
|
- |
| werui.dll | 0x7ffc4d060000 | 0x7ffc4d0d3fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptnet.dll | 0x7ffc4d230000 | 0x7ffc4d25efff | Memory Mapped File | rwx |
|
|
|
- |
| faultrep.dll | 0x7ffc4d480000 | 0x7ffc4d4ddfff | Memory Mapped File | rwx |
|
|
|
- |
| winhttp.dll | 0x7ffc4d9d0000 | 0x7ffc4daa5fff | Memory Mapped File | rwx |
|
|
|
- |
| xmllite.dll | 0x7ffc4fb00000 | 0x7ffc4fb35fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.security.authentication.onlineid.dll | 0x7ffc4fd50000 | 0x7ffc4fe02fff | Memory Mapped File | rwx |
|
|
|
- |
| dbgmodel.dll | 0x7ffc505a0000 | 0x7ffc50630fff | Memory Mapped File | rwx |
|
|
|
- |
| fwpuclnt.dll | 0x7ffc50980000 | 0x7ffc509e7fff | Memory Mapped File | rwx |
|
|
|
- |
| dhcpcsvc.dll | 0x7ffc50a50000 | 0x7ffc50a69fff | Memory Mapped File | rwx |
|
|
|
- |
| dhcpcsvc6.dll | 0x7ffc50a70000 | 0x7ffc50a85fff | Memory Mapped File | rwx |
|
|
|
- |
| dbgcore.dll | 0x7ffc50db0000 | 0x7ffc50dd4fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x7ffc51c30000 | 0x7ffc51c3afff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x7ffc51c50000 | 0x7ffc51c87fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7ffc52d70000 | 0x7ffc52e05fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7ffc52ef0000 | 0x7ffc52f16fff | Memory Mapped File | rwx |
|
|
|
- |
| twinapi.appcore.dll | 0x7ffc52f40000 | 0x7ffc5302dfff | Memory Mapped File | rwx |
|
|
|
- |
| gpapi.dll | 0x7ffc534a0000 | 0x7ffc534c2fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x7ffc53920000 | 0x7ffc53951fff | Memory Mapped File | rwx |
|
|
|
- |
| schannel.dll | 0x7ffc53980000 | 0x7ffc539f3fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7ffc53a90000 | 0x7ffc53ac2fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7ffc53b80000 | 0x7ffc53b9efff | Memory Mapped File | rwx |
|
|
|
- |
| dnsapi.dll | 0x7ffc53be0000 | 0x7ffc53c87fff | Memory Mapped File | rwx |
|
|
|
- |
| mswsock.dll | 0x7ffc53dd0000 | 0x7ffc53e2cfff | Memory Mapped File | rwx |
|
|
|
- |
| ntasn1.dll | 0x7ffc53f30000 | 0x7ffc53f65fff | Memory Mapped File | rwx |
|
|
|
- |
| ncrypt.dll | 0x7ffc53f70000 | 0x7ffc53f95fff | Memory Mapped File | rwx |
|
|
|
- |
| dpapi.dll | 0x7ffc541f0000 | 0x7ffc541f9fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7ffc54210000 | 0x7ffc54226fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7ffc54280000 | 0x7ffc5428afff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x7ffc54320000 | 0x7ffc5434bfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc543d0000 | 0x7ffc5443afff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7ffc54580000 | 0x7ffc54592fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x7ffc545a0000 | 0x7ffc545e9fff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x7ffc545f0000 | 0x7ffc54600fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc54610000 | 0x7ffc5461efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7ffc54620000 | 0x7ffc54663fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x7ffc54670000 | 0x7ffc54c97fff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x7ffc54db0000 | 0x7ffc54f70fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x7ffc54f80000 | 0x7ffc55032fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| wldap32.dll | 0x7ffc55220000 | 0x7ffc5527afff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7ffc55280000 | 0x7ffc552b5fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7ffc55380000 | 0x7ffc554dbfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x7ffc554e0000 | 0x7ffc5562dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7ffc55910000 | 0x7ffc559cdfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7ffc559d0000 | 0x7ffc56ef4fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x7ffc56f00000 | 0x7ffc56f07fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7ffc56f10000 | 0x7ffc57094fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x7ffc571d0000 | 0x7ffc5744bfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7ffc57750000 | 0x7ffc57890fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7ffc578a0000 | 0x7ffc578f0fff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x7ffc57900000 | 0x7ffc57968fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7ffc57970000 | 0x7ffc57a14fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7ffc57aa0000 | 0x7ffc57b45fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #58: net.exe
0
0
| Information | Value |
|---|---|
| ID | #58 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:17, Reason: Child Process |
| Unmonitor | End Time: 00:03:22, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1960 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1964
0x
19E8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000aaf6820000 | 0xaaf6820000 | 0xaaf683ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000aaf6820000 | 0xaaf6820000 | 0xaaf682ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000aaf6840000 | 0xaaf6840000 | 0xaaf6853fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000aaf6860000 | 0xaaf6860000 | 0xaaf68dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000aaf68e0000 | 0xaaf68e0000 | 0xaaf68e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000aaf68f0000 | 0xaaf68f0000 | 0xaaf68f0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000aaf6900000 | 0xaaf6900000 | 0xaaf6901fff | Private Memory | rw |
|
|
|
- |
| private_0x000000aaf6980000 | 0xaaf6980000 | 0xaaf6a7ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xaaf6a80000 | 0xaaf6b3dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ffc60000 | 0x7df5ffc60000 | 0x7ff5ffc5ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705c10000 | 0x7ff705c10000 | 0x7ff705d0ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705d10000 | 0x7ff705d10000 | 0x7ff705d32fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff705d34000 | 0x7ff705d34000 | 0x7ff705d34fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff705d3e000 | 0x7ff705d3e000 | 0x7ff705d3ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #60: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #60 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:18, Reason: Child Process |
| Unmonitor | End Time: 00:03:23, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1a54 |
| Parent PID | 0x1960 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1A58
0x
1BBC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000c5431d0000 | 0xc5431d0000 | 0xc5431effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c5431d0000 | 0xc5431d0000 | 0xc5431dffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000c5431e0000 | 0xc5431e0000 | 0xc5431e6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c5431f0000 | 0xc5431f0000 | 0xc543203fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000c543210000 | 0xc543210000 | 0xc54328ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c543290000 | 0xc543290000 | 0xc543293fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000c5432a0000 | 0xc5432a0000 | 0xc5432a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000c5432b0000 | 0xc5432b0000 | 0xc5432b1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xc5432c0000 | 0xc54337dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000c543380000 | 0xc543380000 | 0xc543386fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xc543390000 | 0xc543392fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000c5433c0000 | 0xc5433c0000 | 0xc5434bffff | Private Memory | rw |
|
|
|
- |
| private_0x000000c5434c0000 | 0xc5434c0000 | 0xc54353ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0xc543540000 | 0xc543571fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000c543630000 | 0xc543630000 | 0xc54363ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff650000 | 0x7df5ff650000 | 0x7ff5ff64ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7198a0000 | 0x7ff7198a0000 | 0x7ff71999ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7199a0000 | 0x7ff7199a0000 | 0x7ff7199c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7199ca000 | 0x7ff7199ca000 | 0x7ff7199cbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7199cc000 | 0x7ff7199cc000 | 0x7ff7199cdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7199ce000 | 0x7ff7199ce000 | 0x7ff7199cefff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x1a58
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xc543390000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #61: net.exe
0
0
| Information | Value |
|---|---|
| ID | #61 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:19, Reason: Child Process |
| Unmonitor | End Time: 00:03:22, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1bc0 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1BC4
0x
1D78
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000005bf2f80000 | 0x5bf2f80000 | 0x5bf2f9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005bf2f80000 | 0x5bf2f80000 | 0x5bf2f8ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000005bf2fa0000 | 0x5bf2fa0000 | 0x5bf2fb3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000005bf2fc0000 | 0x5bf2fc0000 | 0x5bf303ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005bf3040000 | 0x5bf3040000 | 0x5bf3043fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000005bf3050000 | 0x5bf3050000 | 0x5bf3050fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000005bf3060000 | 0x5bf3060000 | 0x5bf3061fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x5bf3070000 | 0x5bf312dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000005bf3180000 | 0x5bf3180000 | 0x5bf327ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff6a0000 | 0x7df5ff6a0000 | 0x7ff5ff69ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705ed0000 | 0x7ff705ed0000 | 0x7ff705fcffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705fd0000 | 0x7ff705fd0000 | 0x7ff705ff2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff705ffc000 | 0x7ff705ffc000 | 0x7ff705ffcfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff705ffe000 | 0x7ff705ffe000 | 0x7ff705ffffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #63: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #63 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:22, Reason: Child Process |
| Unmonitor | End Time: 00:03:22, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1d7c |
| Parent PID | 0x1bc0 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1D80
0x
1D84
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000015e5500000 | 0x15e5500000 | 0x15e551ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000015e5500000 | 0x15e5500000 | 0x15e550ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000015e5510000 | 0x15e5510000 | 0x15e5516fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000015e5520000 | 0x15e5520000 | 0x15e5533fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000015e5540000 | 0x15e5540000 | 0x15e55bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000015e55c0000 | 0x15e55c0000 | 0x15e55c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000015e55d0000 | 0x15e55d0000 | 0x15e55d0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000015e55e0000 | 0x15e55e0000 | 0x15e55e1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000015e55f0000 | 0x15e55f0000 | 0x15e56effff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x15e56f0000 | 0x15e57adfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000015e57b0000 | 0x15e57b0000 | 0x15e582ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000015e5830000 | 0x15e5830000 | 0x15e5836fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x15e5840000 | 0x15e5842fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x15e5850000 | 0x15e5881fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000015e5890000 | 0x15e5890000 | 0x15e589ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff1c0000 | 0x7df5ff1c0000 | 0x7ff5ff1bffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff71a240000 | 0x7ff71a240000 | 0x7ff71a33ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff71a340000 | 0x7ff71a340000 | 0x7ff71a362fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71a364000 | 0x7ff71a364000 | 0x7ff71a364fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a36c000 | 0x7ff71a36c000 | 0x7ff71a36dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a36e000 | 0x7ff71a36e000 | 0x7ff71a36ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x1d80
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x15e5840000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #64: net.exe
0
0
| Information | Value |
|---|---|
| ID | #64 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:27, Reason: Child Process |
| Unmonitor | End Time: 00:03:29, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1e74 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1E78
0x
1E90
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000003b6d8b0000 | 0x3b6d8b0000 | 0x3b6d8cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003b6d8b0000 | 0x3b6d8b0000 | 0x3b6d8bffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000003b6d8d0000 | 0x3b6d8d0000 | 0x3b6d8e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000003b6d8f0000 | 0x3b6d8f0000 | 0x3b6d96ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003b6d970000 | 0x3b6d970000 | 0x3b6d973fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000003b6d980000 | 0x3b6d980000 | 0x3b6d980fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000003b6d990000 | 0x3b6d990000 | 0x3b6d991fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x3b6d9a0000 | 0x3b6da5dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000003b6da70000 | 0x3b6da70000 | 0x3b6db6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff4e0000 | 0x7df5ff4e0000 | 0x7ff5ff4dffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7064b0000 | 0x7ff7064b0000 | 0x7ff7065affff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7065b0000 | 0x7ff7065b0000 | 0x7ff7065d2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7065dc000 | 0x7ff7065dc000 | 0x7ff7065ddfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7065de000 | 0x7ff7065de000 | 0x7ff7065defff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #66: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #66 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:28, Reason: Child Process |
| Unmonitor | End Time: 00:03:29, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1e98 |
| Parent PID | 0x1e74 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1E9C
0x
1EA0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000e205960000 | 0xe205960000 | 0xe20597ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e205960000 | 0xe205960000 | 0xe20596ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000e205970000 | 0xe205970000 | 0xe205976fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e205980000 | 0xe205980000 | 0xe205993fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e2059a0000 | 0xe2059a0000 | 0xe205a1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e205a20000 | 0xe205a20000 | 0xe205a23fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000e205a30000 | 0xe205a30000 | 0xe205a30fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e205a40000 | 0xe205a40000 | 0xe205a41fff | Private Memory | rw |
|
|
|
- |
| private_0x000000e205a50000 | 0xe205a50000 | 0xe205a56fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xe205a60000 | 0xe205a62fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000e205a70000 | 0xe205a70000 | 0xe205b6ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xe205b70000 | 0xe205c2dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000e205c30000 | 0xe205c30000 | 0xe205caffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0xe205cb0000 | 0xe205ce1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000e205e50000 | 0xe205e50000 | 0xe205e5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff480000 | 0x7df5ff480000 | 0x7ff5ff47ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719740000 | 0x7ff719740000 | 0x7ff71983ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719840000 | 0x7ff719840000 | 0x7ff719862fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71986b000 | 0x7ff71986b000 | 0x7ff71986cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71986d000 | 0x7ff71986d000 | 0x7ff71986efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71986f000 | 0x7ff71986f000 | 0x7ff71986ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x1e9c
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xe205a60000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #67: net.exe
0
0
| Information | Value |
|---|---|
| ID | #67 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:30, Reason: Child Process |
| Unmonitor | End Time: 00:03:31, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1fb4 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1FB8
0x
1BC0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000001dad50000 | 0x1dad50000 | 0x1dad6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000001dad50000 | 0x1dad50000 | 0x1dad5ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000001dad70000 | 0x1dad70000 | 0x1dad83fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000001dad90000 | 0x1dad90000 | 0x1dae0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000001dae10000 | 0x1dae10000 | 0x1dae13fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000001dae20000 | 0x1dae20000 | 0x1dae20fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000001dae30000 | 0x1dae30000 | 0x1dae31fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x1dae40000 | 0x1daefdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000001dafa0000 | 0x1dafa0000 | 0x1db09ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff840000 | 0x7df5ff840000 | 0x7ff5ff83ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff706440000 | 0x7ff706440000 | 0x7ff70653ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff706540000 | 0x7ff706540000 | 0x7ff706562fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff706569000 | 0x7ff706569000 | 0x7ff706569fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff70656e000 | 0x7ff70656e000 | 0x7ff70656ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #69: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #69 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:31, Reason: Child Process |
| Unmonitor | End Time: 00:03:31, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1cfc |
| Parent PID | 0x1fb4 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1968
0x
1510
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000c5458e0000 | 0xc5458e0000 | 0xc5458fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c5458e0000 | 0xc5458e0000 | 0xc5458effff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000c5458f0000 | 0xc5458f0000 | 0xc5458f6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c545900000 | 0xc545900000 | 0xc545913fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000c545920000 | 0xc545920000 | 0xc54599ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c5459a0000 | 0xc5459a0000 | 0xc5459a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000c5459b0000 | 0xc5459b0000 | 0xc5459b0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000c5459c0000 | 0xc5459c0000 | 0xc5459c1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xc5459d0000 | 0xc545a8dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000c545a90000 | 0xc545a90000 | 0xc545a96fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xc545aa0000 | 0xc545aa2fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000c545ae0000 | 0xc545ae0000 | 0xc545bdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000c545be0000 | 0xc545be0000 | 0xc545c5ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0xc545c60000 | 0xc545c91fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000c545da0000 | 0xc545da0000 | 0xc545daffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff390000 | 0x7df5ff390000 | 0x7ff5ff38ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff71a0e0000 | 0x7ff71a0e0000 | 0x7ff71a1dffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff71a1e0000 | 0x7ff71a1e0000 | 0x7ff71a202fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71a206000 | 0x7ff71a206000 | 0x7ff71a206fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a20c000 | 0x7ff71a20c000 | 0x7ff71a20dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a20e000 | 0x7ff71a20e000 | 0x7ff71a20ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x1968
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xc545aa0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #70: net.exe
0
0
| Information | Value |
|---|---|
| ID | #70 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:38, Reason: Child Process |
| Unmonitor | End Time: 00:03:39, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x22f8 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
22FC
0x
2334
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000c75e5e0000 | 0xc75e5e0000 | 0xc75e5fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c75e5e0000 | 0xc75e5e0000 | 0xc75e5effff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000c75e600000 | 0xc75e600000 | 0xc75e613fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000c75e620000 | 0xc75e620000 | 0xc75e69ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000c75e6a0000 | 0xc75e6a0000 | 0xc75e6a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000c75e6b0000 | 0xc75e6b0000 | 0xc75e6b0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000c75e6c0000 | 0xc75e6c0000 | 0xc75e6c1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xc75e6d0000 | 0xc75e78dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000c75e7c0000 | 0xc75e7c0000 | 0xc75e8bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff7b0000 | 0x7df5ff7b0000 | 0x7ff5ff7affff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705f20000 | 0x7ff705f20000 | 0x7ff70601ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff706020000 | 0x7ff706020000 | 0x7ff706042fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff706048000 | 0x7ff706048000 | 0x7ff706048fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff70604e000 | 0x7ff70604e000 | 0x7ff70604ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #72: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #72 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:39, Reason: Child Process |
| Unmonitor | End Time: 00:03:39, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2404 |
| Parent PID | 0x22f8 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2408
0x
240C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000007b04890000 | 0x7b04890000 | 0x7b048affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007b04890000 | 0x7b04890000 | 0x7b0489ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000007b048a0000 | 0x7b048a0000 | 0x7b048a6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007b048b0000 | 0x7b048b0000 | 0x7b048c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000007b048d0000 | 0x7b048d0000 | 0x7b0494ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007b04950000 | 0x7b04950000 | 0x7b04953fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000007b04960000 | 0x7b04960000 | 0x7b04960fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000007b04970000 | 0x7b04970000 | 0x7b04971fff | Private Memory | rw |
|
|
|
- |
| private_0x0000007b04980000 | 0x7b04980000 | 0x7b04986fff | Private Memory | rw |
|
|
|
- |
| private_0x0000007b04990000 | 0x7b04990000 | 0x7b04a8ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x7b04a90000 | 0x7b04b4dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000007b04b50000 | 0x7b04b50000 | 0x7b04bcffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x7b04bd0000 | 0x7b04bd2fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x7b04be0000 | 0x7b04c11fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000007b04d60000 | 0x7b04d60000 | 0x7b04d6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff3e0000 | 0x7df5ff3e0000 | 0x7ff5ff3dffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff71a280000 | 0x7ff71a280000 | 0x7ff71a37ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff71a380000 | 0x7ff71a380000 | 0x7ff71a3a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71a3a4000 | 0x7ff71a3a4000 | 0x7ff71a3a4fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a3ac000 | 0x7ff71a3ac000 | 0x7ff71a3adfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a3ae000 | 0x7ff71a3ae000 | 0x7ff71a3affff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x2408
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x7b04bd0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #73: net.exe
0
0
| Information | Value |
|---|---|
| ID | #73 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:40, Reason: Child Process |
| Unmonitor | End Time: 00:03:43, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2418 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
241C
0x
2434
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000074de0f0000 | 0x74de0f0000 | 0x74de10ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000074de0f0000 | 0x74de0f0000 | 0x74de0fffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000074de110000 | 0x74de110000 | 0x74de123fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000074de130000 | 0x74de130000 | 0x74de1affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000074de1b0000 | 0x74de1b0000 | 0x74de1b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000074de1c0000 | 0x74de1c0000 | 0x74de1c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000074de1d0000 | 0x74de1d0000 | 0x74de1d1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x74de1e0000 | 0x74de29dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000074de390000 | 0x74de390000 | 0x74de48ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff070000 | 0x7df5ff070000 | 0x7ff5ff06ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705750000 | 0x7ff705750000 | 0x7ff70584ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705850000 | 0x7ff705850000 | 0x7ff705872fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff705879000 | 0x7ff705879000 | 0x7ff705879fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff70587e000 | 0x7ff70587e000 | 0x7ff70587ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #75: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #75 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:41, Reason: Child Process |
| Unmonitor | End Time: 00:03:43, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2438 |
| Parent PID | 0x2418 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
243C
0x
2440
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000044bb4f0000 | 0x44bb4f0000 | 0x44bb50ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000044bb4f0000 | 0x44bb4f0000 | 0x44bb4fffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000044bb500000 | 0x44bb500000 | 0x44bb506fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000044bb510000 | 0x44bb510000 | 0x44bb523fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000044bb530000 | 0x44bb530000 | 0x44bb5affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000044bb5b0000 | 0x44bb5b0000 | 0x44bb5b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000044bb5c0000 | 0x44bb5c0000 | 0x44bb5c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000044bb5d0000 | 0x44bb5d0000 | 0x44bb5d1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000044bb5e0000 | 0x44bb5e0000 | 0x44bb5e6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x44bb5f0000 | 0x44bb5f2fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000044bb630000 | 0x44bb630000 | 0x44bb72ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x44bb730000 | 0x44bb7edfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000044bb7f0000 | 0x44bb7f0000 | 0x44bb86ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x44bb870000 | 0x44bb8a1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000044bb930000 | 0x44bb930000 | 0x44bb93ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff5c0000 | 0x7df5ff5c0000 | 0x7ff5ff5bffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719f80000 | 0x7ff719f80000 | 0x7ff71a07ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff71a080000 | 0x7ff71a080000 | 0x7ff71a0a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71a0ab000 | 0x7ff71a0ab000 | 0x7ff71a0abfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a0ac000 | 0x7ff71a0ac000 | 0x7ff71a0adfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a0ae000 | 0x7ff71a0ae000 | 0x7ff71a0affff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505c0000 | 0x7ffc505d3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x243c
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x44bb5f0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #76: net.exe
0
0
| Information | Value |
|---|---|
| ID | #76 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:49, Reason: Child Process |
| Unmonitor | End Time: 00:03:52, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x288c |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2890
0x
2A14
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000001b23b40000 | 0x1b23b40000 | 0x1b23b5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001b23b40000 | 0x1b23b40000 | 0x1b23b4ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000001b23b60000 | 0x1b23b60000 | 0x1b23b73fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001b23b80000 | 0x1b23b80000 | 0x1b23bfffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001b23c00000 | 0x1b23c00000 | 0x1b23c03fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000001b23c10000 | 0x1b23c10000 | 0x1b23c10fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001b23c20000 | 0x1b23c20000 | 0x1b23c21fff | Private Memory | rw |
|
|
|
- |
| private_0x0000001b23c80000 | 0x1b23c80000 | 0x1b23d7ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x1b23d80000 | 0x1b23e3dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ffd40000 | 0x7df5ffd40000 | 0x7ff5ffd3ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff706440000 | 0x7ff706440000 | 0x7ff70653ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff706540000 | 0x7ff706540000 | 0x7ff706562fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff706563000 | 0x7ff706563000 | 0x7ff706563fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff70656e000 | 0x7ff70656e000 | 0x7ff70656ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #78: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #78 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:51, Reason: Child Process |
| Unmonitor | End Time: 00:03:53, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2a74 |
| Parent PID | 0x288c (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2A78
0x
2B30
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000001c05df0000 | 0x1c05df0000 | 0x1c05e0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001c05df0000 | 0x1c05df0000 | 0x1c05dfffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000001c05e00000 | 0x1c05e00000 | 0x1c05e06fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001c05e10000 | 0x1c05e10000 | 0x1c05e23fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001c05e30000 | 0x1c05e30000 | 0x1c05eaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001c05eb0000 | 0x1c05eb0000 | 0x1c05eb3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000001c05ec0000 | 0x1c05ec0000 | 0x1c05ec0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001c05ed0000 | 0x1c05ed0000 | 0x1c05ed1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x1c05ee0000 | 0x1c05f9dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000001c05fa0000 | 0x1c05fa0000 | 0x1c0601ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000001c06020000 | 0x1c06020000 | 0x1c06026fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x1c06030000 | 0x1c06032fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000001c06050000 | 0x1c06050000 | 0x1c0614ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x1c06150000 | 0x1c06181fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000001c062e0000 | 0x1c062e0000 | 0x1c062effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff750000 | 0x7df5ff750000 | 0x7ff5ff74ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff71a2a0000 | 0x7ff71a2a0000 | 0x7ff71a39ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff71a3a0000 | 0x7ff71a3a0000 | 0x7ff71a3c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71a3c7000 | 0x7ff71a3c7000 | 0x7ff71a3c7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a3cc000 | 0x7ff71a3cc000 | 0x7ff71a3cdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a3ce000 | 0x7ff71a3ce000 | 0x7ff71a3cffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505b0000 | 0x7ffc505c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x2a78
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x1c06030000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #79: net.exe
0
0
| Information | Value |
|---|---|
| ID | #79 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:51, Reason: Child Process |
| Unmonitor | End Time: 00:03:53, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2ae0 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2AE4
0x
2B44
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000aeef1b0000 | 0xaeef1b0000 | 0xaeef1cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000aeef1b0000 | 0xaeef1b0000 | 0xaeef1bffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000aeef1d0000 | 0xaeef1d0000 | 0xaeef1e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000aeef1f0000 | 0xaeef1f0000 | 0xaeef26ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000aeef270000 | 0xaeef270000 | 0xaeef273fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000aeef280000 | 0xaeef280000 | 0xaeef280fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000aeef290000 | 0xaeef290000 | 0xaeef291fff | Private Memory | rw |
|
|
|
- |
| private_0x000000aeef2b0000 | 0xaeef2b0000 | 0xaeef3affff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xaeef3b0000 | 0xaeef46dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ffd90000 | 0x7df5ffd90000 | 0x7ff5ffd8ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705d20000 | 0x7ff705d20000 | 0x7ff705e1ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705e20000 | 0x7ff705e20000 | 0x7ff705e42fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff705e47000 | 0x7ff705e47000 | 0x7ff705e47fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff705e4e000 | 0x7ff705e4e000 | 0x7ff705e4ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #81: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #81 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:03:52, Reason: Child Process |
| Unmonitor | End Time: 00:03:52, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2b48 |
| Parent PID | 0x2ae0 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2B4C
0x
2B50
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000004067c70000 | 0x4067c70000 | 0x4067c8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000004067c70000 | 0x4067c70000 | 0x4067c7ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000004067c80000 | 0x4067c80000 | 0x4067c86fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000004067c90000 | 0x4067c90000 | 0x4067ca3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000004067cb0000 | 0x4067cb0000 | 0x4067d2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000004067d30000 | 0x4067d30000 | 0x4067d33fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000004067d40000 | 0x4067d40000 | 0x4067d40fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000004067d50000 | 0x4067d50000 | 0x4067d51fff | Private Memory | rw |
|
|
|
- |
| private_0x0000004067d60000 | 0x4067d60000 | 0x4067d66fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x4067d70000 | 0x4067d72fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x4067d80000 | 0x4067db1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000004067dd0000 | 0x4067dd0000 | 0x4067ecffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x4067ed0000 | 0x4067f8dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000004067f90000 | 0x4067f90000 | 0x406800ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000004068130000 | 0x4068130000 | 0x406813ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff8f0000 | 0x7df5ff8f0000 | 0x7ff5ff8effff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719f10000 | 0x7ff719f10000 | 0x7ff71a00ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff71a010000 | 0x7ff71a010000 | 0x7ff71a032fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71a03a000 | 0x7ff71a03a000 | 0x7ff71a03afff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a03c000 | 0x7ff71a03c000 | 0x7ff71a03dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a03e000 | 0x7ff71a03e000 | 0x7ff71a03ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505b0000 | 0x7ffc505c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x2b4c
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x4067d70000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #82: net.exe
0
0
| Information | Value |
|---|---|
| ID | #82 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:00, Reason: Child Process |
| Unmonitor | End Time: 00:04:05, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3198 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
319C
0x
32CC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000095097a0000 | 0x95097a0000 | 0x95097bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000095097a0000 | 0x95097a0000 | 0x95097affff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000095097c0000 | 0x95097c0000 | 0x95097d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000095097e0000 | 0x95097e0000 | 0x950985ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000009509860000 | 0x9509860000 | 0x9509863fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000009509870000 | 0x9509870000 | 0x9509870fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000009509880000 | 0x9509880000 | 0x9509881fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x9509890000 | 0x950994dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000009509a60000 | 0x9509a60000 | 0x9509b5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff040000 | 0x7df5ff040000 | 0x7ff5ff03ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7063b0000 | 0x7ff7063b0000 | 0x7ff7064affff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7064b0000 | 0x7ff7064b0000 | 0x7ff7064d2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7064d9000 | 0x7ff7064d9000 | 0x7ff7064d9fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7064de000 | 0x7ff7064de000 | 0x7ff7064dffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #84: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #84 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:01, Reason: Child Process |
| Unmonitor | End Time: 00:04:04, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3320 |
| Parent PID | 0x3198 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3324
0x
33E4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000ed21610000 | 0xed21610000 | 0xed2162ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ed21610000 | 0xed21610000 | 0xed2161ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000ed21620000 | 0xed21620000 | 0xed21626fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ed21630000 | 0xed21630000 | 0xed21643fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ed21650000 | 0xed21650000 | 0xed216cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ed216d0000 | 0xed216d0000 | 0xed216d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ed216e0000 | 0xed216e0000 | 0xed216e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ed216f0000 | 0xed216f0000 | 0xed216f1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xed21700000 | 0xed217bdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ed217c0000 | 0xed217c0000 | 0xed2183ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ed21840000 | 0xed21840000 | 0xed21846fff | Private Memory | rw |
|
|
|
- |
| private_0x000000ed21850000 | 0xed21850000 | 0xed2185ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xed21860000 | 0xed21862fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000ed21890000 | 0xed21890000 | 0xed2198ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0xed21990000 | 0xed219c1fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff0d0000 | 0x7df5ff0d0000 | 0x7ff5ff0cffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7197d0000 | 0x7ff7197d0000 | 0x7ff7198cffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7198d0000 | 0x7ff7198d0000 | 0x7ff7198f2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7198fb000 | 0x7ff7198fb000 | 0x7ff7198fcfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7198fd000 | 0x7ff7198fd000 | 0x7ff7198fefff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7198ff000 | 0x7ff7198ff000 | 0x7ff7198fffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505b0000 | 0x7ffc505c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x3324
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xed21860000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #85: net.exe
0
0
| Information | Value |
|---|---|
| ID | #85 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:01, Reason: Child Process |
| Unmonitor | End Time: 00:04:08, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x338c |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3390
0x
36E0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000007cabd90000 | 0x7cabd90000 | 0x7cabdaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007cabd90000 | 0x7cabd90000 | 0x7cabd9ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000007cabdb0000 | 0x7cabdb0000 | 0x7cabdc3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000007cabdd0000 | 0x7cabdd0000 | 0x7cabe4ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007cabe50000 | 0x7cabe50000 | 0x7cabe53fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000007cabe60000 | 0x7cabe60000 | 0x7cabe60fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000007cabe70000 | 0x7cabe70000 | 0x7cabe71fff | Private Memory | rw |
|
|
|
- |
| private_0x0000007cabee0000 | 0x7cabee0000 | 0x7cabfdffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x7cabfe0000 | 0x7cac09dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff3d0000 | 0x7df5ff3d0000 | 0x7ff5ff3cffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705920000 | 0x7ff705920000 | 0x7ff705a1ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705a20000 | 0x7ff705a20000 | 0x7ff705a42fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff705a44000 | 0x7ff705a44000 | 0x7ff705a44fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff705a4e000 | 0x7ff705a4e000 | 0x7ff705a4ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #87: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #87 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:03, Reason: Child Process |
| Unmonitor | End Time: 00:04:07, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x373c |
| Parent PID | 0x338c (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3740
0x
DAC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000b9c8000000 | 0xb9c8000000 | 0xb9c801ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b9c8000000 | 0xb9c8000000 | 0xb9c800ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000b9c8010000 | 0xb9c8010000 | 0xb9c8016fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b9c8020000 | 0xb9c8020000 | 0xb9c8033fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b9c8040000 | 0xb9c8040000 | 0xb9c80bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000b9c80c0000 | 0xb9c80c0000 | 0xb9c80c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000b9c80d0000 | 0xb9c80d0000 | 0xb9c80d0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000b9c80e0000 | 0xb9c80e0000 | 0xb9c80e1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xb9c80f0000 | 0xb9c81adfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000b9c81b0000 | 0xb9c81b0000 | 0xb9c822ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000b9c8230000 | 0xb9c8230000 | 0xb9c832ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000b9c8330000 | 0xb9c8330000 | 0xb9c8336fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xb9c8340000 | 0xb9c8342fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xb9c8350000 | 0xb9c8381fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000b9c8420000 | 0xb9c8420000 | 0xb9c842ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff360000 | 0x7df5ff360000 | 0x7ff5ff35ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719560000 | 0x7ff719560000 | 0x7ff71965ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719660000 | 0x7ff719660000 | 0x7ff719682fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71968b000 | 0x7ff71968b000 | 0x7ff71968cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71968d000 | 0x7ff71968d000 | 0x7ff71968efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71968f000 | 0x7ff71968f000 | 0x7ff71968ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505b0000 | 0x7ffc505c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x3740
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xb9c8340000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #88: net.exe
0
0
| Information | Value |
|---|---|
| ID | #88 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:11, Reason: Child Process |
| Unmonitor | End Time: 00:04:17, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3ea4 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3EA8
0x
4008
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000001313cb0000 | 0x1313cb0000 | 0x1313ccffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001313cb0000 | 0x1313cb0000 | 0x1313cbffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000001313cd0000 | 0x1313cd0000 | 0x1313ce3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001313cf0000 | 0x1313cf0000 | 0x1313d6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001313d70000 | 0x1313d70000 | 0x1313d73fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000001313d80000 | 0x1313d80000 | 0x1313d80fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001313d90000 | 0x1313d90000 | 0x1313d91fff | Private Memory | rw |
|
|
|
- |
| private_0x0000001313e00000 | 0x1313e00000 | 0x1313efffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x1313f00000 | 0x1313fbdfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ffbe0000 | 0x7df5ffbe0000 | 0x7ff5ffbdffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7056b0000 | 0x7ff7056b0000 | 0x7ff7057affff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7057b0000 | 0x7ff7057b0000 | 0x7ff7057d2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7057da000 | 0x7ff7057da000 | 0x7ff7057dafff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7057de000 | 0x7ff7057de000 | 0x7ff7057dffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #90: net.exe
0
0
| Information | Value |
|---|---|
| ID | #90 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:12, Reason: Child Process |
| Unmonitor | End Time: 00:04:18, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x402c |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4030
0x
42DC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000005735cb0000 | 0x5735cb0000 | 0x5735ccffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005735cb0000 | 0x5735cb0000 | 0x5735cbffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000005735cd0000 | 0x5735cd0000 | 0x5735ce3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000005735cf0000 | 0x5735cf0000 | 0x5735d6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005735d70000 | 0x5735d70000 | 0x5735d73fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000005735d80000 | 0x5735d80000 | 0x5735d80fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000005735d90000 | 0x5735d90000 | 0x5735d91fff | Private Memory | rw |
|
|
|
- |
| private_0x0000005735db0000 | 0x5735db0000 | 0x5735eaffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x5735eb0000 | 0x5735f6dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff970000 | 0x7df5ff970000 | 0x7ff5ff96ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff706380000 | 0x7ff706380000 | 0x7ff70647ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff706480000 | 0x7ff706480000 | 0x7ff7064a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7064a7000 | 0x7ff7064a7000 | 0x7ff7064a7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7064ae000 | 0x7ff7064ae000 | 0x7ff7064affff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #92: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #92 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:12, Reason: Child Process |
| Unmonitor | End Time: 00:04:17, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x40a0 |
| Parent PID | 0x3ea4 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
40A4
0x
41C8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000009ca34d0000 | 0x9ca34d0000 | 0x9ca34effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000009ca34d0000 | 0x9ca34d0000 | 0x9ca34dffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000009ca34e0000 | 0x9ca34e0000 | 0x9ca34e6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000009ca34f0000 | 0x9ca34f0000 | 0x9ca3503fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000009ca3510000 | 0x9ca3510000 | 0x9ca358ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000009ca3590000 | 0x9ca3590000 | 0x9ca3593fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000009ca35a0000 | 0x9ca35a0000 | 0x9ca35a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000009ca35b0000 | 0x9ca35b0000 | 0x9ca35b1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000009ca35c0000 | 0x9ca35c0000 | 0x9ca35c6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x9ca35d0000 | 0x9ca35d2fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000009ca3610000 | 0x9ca3610000 | 0x9ca370ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x9ca3710000 | 0x9ca37cdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000009ca37d0000 | 0x9ca37d0000 | 0x9ca384ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x9ca3850000 | 0x9ca3881fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000009ca3990000 | 0x9ca3990000 | 0x9ca399ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff250000 | 0x7df5ff250000 | 0x7ff5ff24ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719fd0000 | 0x7ff719fd0000 | 0x7ff71a0cffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff71a0d0000 | 0x7ff71a0d0000 | 0x7ff71a0f2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71a0fb000 | 0x7ff71a0fb000 | 0x7ff71a0fcfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a0fd000 | 0x7ff71a0fd000 | 0x7ff71a0fefff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a0ff000 | 0x7ff71a0ff000 | 0x7ff71a0fffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505b0000 | 0x7ffc505c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x40a4
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x9ca35d0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #93: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #93 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:14, Reason: Child Process |
| Unmonitor | End Time: 00:04:17, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4434 |
| Parent PID | 0x402c (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4438
0x
44F4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000e2437b0000 | 0xe2437b0000 | 0xe2437cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e2437b0000 | 0xe2437b0000 | 0xe2437bffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000e2437c0000 | 0xe2437c0000 | 0xe2437c6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e2437d0000 | 0xe2437d0000 | 0xe2437e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e2437f0000 | 0xe2437f0000 | 0xe24386ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e243870000 | 0xe243870000 | 0xe243873fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000e243880000 | 0xe243880000 | 0xe243880fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e243890000 | 0xe243890000 | 0xe243891fff | Private Memory | rw |
|
|
|
- |
| private_0x000000e2438a0000 | 0xe2438a0000 | 0xe2438a6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xe2438b0000 | 0xe2438b2fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xe2438c0000 | 0xe2438f1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000e243900000 | 0xe243900000 | 0xe2439fffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xe243a00000 | 0xe243abdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000e243ac0000 | 0xe243ac0000 | 0xe243b3ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000e243bc0000 | 0xe243bc0000 | 0xe243bcffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff1d0000 | 0x7df5ff1d0000 | 0x7ff5ff1cffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff71a0b0000 | 0x7ff71a0b0000 | 0x7ff71a1affff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff71a1b0000 | 0x7ff71a1b0000 | 0x7ff71a1d2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71a1d7000 | 0x7ff71a1d7000 | 0x7ff71a1d7fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a1dc000 | 0x7ff71a1dc000 | 0x7ff71a1ddfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a1de000 | 0x7ff71a1de000 | 0x7ff71a1dffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505b0000 | 0x7ffc505c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x4438
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xe2438b0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #94: net.exe
0
0
| Information | Value |
|---|---|
| ID | #94 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:22, Reason: Child Process |
| Unmonitor | End Time: 00:04:25, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x50b8 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
50BC
0x
527C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000a9baa20000 | 0xa9baa20000 | 0xa9baa3ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a9baa20000 | 0xa9baa20000 | 0xa9baa2ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000a9baa40000 | 0xa9baa40000 | 0xa9baa53fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a9baa60000 | 0xa9baa60000 | 0xa9baadffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a9baae0000 | 0xa9baae0000 | 0xa9baae3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000a9baaf0000 | 0xa9baaf0000 | 0xa9baaf0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a9bab00000 | 0xa9bab00000 | 0xa9bab01fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a9bab80000 | 0xa9bab80000 | 0xa9bac7ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xa9bac80000 | 0xa9bad3dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff8c0000 | 0x7df5ff8c0000 | 0x7ff5ff8bffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705ee0000 | 0x7ff705ee0000 | 0x7ff705fdffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705fe0000 | 0x7ff705fe0000 | 0x7ff706002fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff70600d000 | 0x7ff70600d000 | 0x7ff70600efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff70600f000 | 0x7ff70600f000 | 0x7ff70600ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #96: net.exe
0
0
| Information | Value |
|---|---|
| ID | #96 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:23, Reason: Child Process |
| Unmonitor | End Time: 00:04:25, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x525c |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5260
0x
5354
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000007fbaad0000 | 0x7fbaad0000 | 0x7fbaaeffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007fbaad0000 | 0x7fbaad0000 | 0x7fbaadffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000007fbaaf0000 | 0x7fbaaf0000 | 0x7fbab03fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000007fbab10000 | 0x7fbab10000 | 0x7fbab8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007fbab90000 | 0x7fbab90000 | 0x7fbab93fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000007fbaba0000 | 0x7fbaba0000 | 0x7fbaba0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000007fbabb0000 | 0x7fbabb0000 | 0x7fbabb1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x7fbabc0000 | 0x7fbac7dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000007fbaca0000 | 0x7fbaca0000 | 0x7fbad9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffc30000 | 0x7df5ffc30000 | 0x7ff5ffc2ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff706110000 | 0x7ff706110000 | 0x7ff70620ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff706210000 | 0x7ff706210000 | 0x7ff706232fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff70623c000 | 0x7ff70623c000 | 0x7ff70623dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff70623e000 | 0x7ff70623e000 | 0x7ff70623efff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #98: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #98 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:24, Reason: Child Process |
| Unmonitor | End Time: 00:04:26, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x531c |
| Parent PID | 0x50b8 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5320
0x
5358
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000098350b0000 | 0x98350b0000 | 0x98350cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000098350b0000 | 0x98350b0000 | 0x98350bffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000098350c0000 | 0x98350c0000 | 0x98350c6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000098350d0000 | 0x98350d0000 | 0x98350e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000098350f0000 | 0x98350f0000 | 0x983516ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000009835170000 | 0x9835170000 | 0x9835173fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000009835180000 | 0x9835180000 | 0x9835180fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000009835190000 | 0x9835190000 | 0x9835191fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x98351a0000 | 0x983525dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000009835260000 | 0x9835260000 | 0x98352dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000098352e0000 | 0x98352e0000 | 0x98352e6fff | Private Memory | rw |
|
|
|
- |
| private_0x00000098352f0000 | 0x98352f0000 | 0x98353effff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x98353f0000 | 0x98353f2fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x9835400000 | 0x9835431fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000009835570000 | 0x9835570000 | 0x983557ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff900000 | 0x7df5ff900000 | 0x7ff5ff8fffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff71a050000 | 0x7ff71a050000 | 0x7ff71a14ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff71a150000 | 0x7ff71a150000 | 0x7ff71a172fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71a177000 | 0x7ff71a177000 | 0x7ff71a177fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a17c000 | 0x7ff71a17c000 | 0x7ff71a17dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a17e000 | 0x7ff71a17e000 | 0x7ff71a17ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505b0000 | 0x7ffc505c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x5320
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x98353f0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #99: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #99 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:24, Reason: Child Process |
| Unmonitor | End Time: 00:04:25, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x53cc |
| Parent PID | 0x525c (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
53D0
0x
53D4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000006149a90000 | 0x6149a90000 | 0x6149aaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006149a90000 | 0x6149a90000 | 0x6149a9ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000006149aa0000 | 0x6149aa0000 | 0x6149aa6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006149ab0000 | 0x6149ab0000 | 0x6149ac3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000006149ad0000 | 0x6149ad0000 | 0x6149b4ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000006149b50000 | 0x6149b50000 | 0x6149b53fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000006149b60000 | 0x6149b60000 | 0x6149b60fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000006149b70000 | 0x6149b70000 | 0x6149b71fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x6149b80000 | 0x6149c3dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000006149c40000 | 0x6149c40000 | 0x6149cbffff | Private Memory | rw |
|
|
|
- |
| private_0x0000006149cc0000 | 0x6149cc0000 | 0x6149cc6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x6149cd0000 | 0x6149cd2fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0x6149ce0000 | 0x6149d11fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000006149d40000 | 0x6149d40000 | 0x6149e3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000006149f90000 | 0x6149f90000 | 0x6149f9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffd30000 | 0x7df5ffd30000 | 0x7ff5ffd2ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719a90000 | 0x7ff719a90000 | 0x7ff719b8ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719b90000 | 0x7ff719b90000 | 0x7ff719bb2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff719bbb000 | 0x7ff719bbb000 | 0x7ff719bbcfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff719bbd000 | 0x7ff719bbd000 | 0x7ff719bbefff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff719bbf000 | 0x7ff719bbf000 | 0x7ff719bbffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505b0000 | 0x7ffc505c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x53d0
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x6149cd0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #100: net.exe
0
0
| Information | Value |
|---|---|
| ID | #100 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:32, Reason: Child Process |
| Unmonitor | End Time: 00:04:36, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x576c |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5770
0x
58D0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000002a2d990000 | 0x2a2d990000 | 0x2a2d9affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000002a2d990000 | 0x2a2d990000 | 0x2a2d99ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000002a2d9b0000 | 0x2a2d9b0000 | 0x2a2d9c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000002a2d9d0000 | 0x2a2d9d0000 | 0x2a2da4ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000002a2da50000 | 0x2a2da50000 | 0x2a2da53fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000002a2da60000 | 0x2a2da60000 | 0x2a2da60fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000002a2da70000 | 0x2a2da70000 | 0x2a2da71fff | Private Memory | rw |
|
|
|
- |
| private_0x0000002a2dac0000 | 0x2a2dac0000 | 0x2a2dbbffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x2a2dbc0000 | 0x2a2dc7dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ffdc0000 | 0x7df5ffdc0000 | 0x7ff5ffdbffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7064e0000 | 0x7ff7064e0000 | 0x7ff7065dffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7065e0000 | 0x7ff7065e0000 | 0x7ff706602fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff706605000 | 0x7ff706605000 | 0x7ff706605fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff70660e000 | 0x7ff70660e000 | 0x7ff70660ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #102: net.exe
0
0
| Information | Value |
|---|---|
| ID | #102 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:35, Reason: Child Process |
| Unmonitor | End Time: 00:04:37, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x58dc |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
58E0
0x
5908
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000007008590000 | 0x7008590000 | 0x70085affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007008590000 | 0x7008590000 | 0x700859ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000070085b0000 | 0x70085b0000 | 0x70085c3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000070085d0000 | 0x70085d0000 | 0x700864ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000007008650000 | 0x7008650000 | 0x7008653fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000007008660000 | 0x7008660000 | 0x7008660fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000007008670000 | 0x7008670000 | 0x7008671fff | Private Memory | rw |
|
|
|
- |
| private_0x00000070086c0000 | 0x70086c0000 | 0x70087bffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x70087c0000 | 0x700887dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ffc60000 | 0x7df5ffc60000 | 0x7ff5ffc5ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705750000 | 0x7ff705750000 | 0x7ff70584ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705850000 | 0x7ff705850000 | 0x7ff705872fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff70587d000 | 0x7ff70587d000 | 0x7ff70587efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff70587f000 | 0x7ff70587f000 | 0x7ff70587ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #104: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #104 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:35, Reason: Child Process |
| Unmonitor | End Time: 00:04:36, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x58f4 |
| Parent PID | 0x576c (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
58F8
0x
5904
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000e33c160000 | 0xe33c160000 | 0xe33c17ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e33c160000 | 0xe33c160000 | 0xe33c16ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000e33c170000 | 0xe33c170000 | 0xe33c176fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e33c180000 | 0xe33c180000 | 0xe33c193fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e33c1a0000 | 0xe33c1a0000 | 0xe33c21ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000e33c220000 | 0xe33c220000 | 0xe33c223fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000e33c230000 | 0xe33c230000 | 0xe33c230fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000e33c240000 | 0xe33c240000 | 0xe33c241fff | Private Memory | rw |
|
|
|
- |
| private_0x000000e33c250000 | 0xe33c250000 | 0xe33c256fff | Private Memory | rw |
|
|
|
- |
| private_0x000000e33c260000 | 0xe33c260000 | 0xe33c26ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xe33c270000 | 0xe33c272fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xe33c280000 | 0xe33c2b1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000e33c2c0000 | 0xe33c2c0000 | 0xe33c3bffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xe33c3c0000 | 0xe33c47dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000e33c480000 | 0xe33c480000 | 0xe33c4fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffa90000 | 0x7df5ffa90000 | 0x7ff5ffa8ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff71a050000 | 0x7ff71a050000 | 0x7ff71a14ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff71a150000 | 0x7ff71a150000 | 0x7ff71a172fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71a17b000 | 0x7ff71a17b000 | 0x7ff71a17cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a17d000 | 0x7ff71a17d000 | 0x7ff71a17efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a17f000 | 0x7ff71a17f000 | 0x7ff71a17ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505b0000 | 0x7ffc505c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x58f8
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xe33c270000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #105: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #105 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:36, Reason: Child Process |
| Unmonitor | End Time: 00:04:37, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x590c |
| Parent PID | 0x58dc (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5910
0x
5914
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000ac9cb00000 | 0xac9cb00000 | 0xac9cb1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ac9cb00000 | 0xac9cb00000 | 0xac9cb0ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000ac9cb10000 | 0xac9cb10000 | 0xac9cb16fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ac9cb20000 | 0xac9cb20000 | 0xac9cb33fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ac9cb40000 | 0xac9cb40000 | 0xac9cbbffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ac9cbc0000 | 0xac9cbc0000 | 0xac9cbc3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ac9cbd0000 | 0xac9cbd0000 | 0xac9cbd0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ac9cbe0000 | 0xac9cbe0000 | 0xac9cbe1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xac9cbf0000 | 0xac9ccadfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ac9ccb0000 | 0xac9ccb0000 | 0xac9cd2ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ac9cd30000 | 0xac9cd30000 | 0xac9cd36fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xac9cd40000 | 0xac9cd42fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xac9cd50000 | 0xac9cd81fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ac9cdc0000 | 0xac9cdc0000 | 0xac9cebffff | Private Memory | rw |
|
|
|
- |
| private_0x000000ac9cf90000 | 0xac9cf90000 | 0xac9cf9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff5e0000 | 0x7df5ff5e0000 | 0x7ff5ff5dffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719b10000 | 0x7ff719b10000 | 0x7ff719c0ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719c10000 | 0x7ff719c10000 | 0x7ff719c32fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff719c37000 | 0x7ff719c37000 | 0x7ff719c37fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff719c3c000 | 0x7ff719c3c000 | 0x7ff719c3dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff719c3e000 | 0x7ff719c3e000 | 0x7ff719c3ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505b0000 | 0x7ffc505c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x5910
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xac9cd40000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #106: net.exe
0
0
| Information | Value |
|---|---|
| ID | #106 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:43, Reason: Child Process |
| Unmonitor | End Time: 00:04:50, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5b1c |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5B20
0x
5BB4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000035ad320000 | 0x35ad320000 | 0x35ad33ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000035ad320000 | 0x35ad320000 | 0x35ad32ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000035ad340000 | 0x35ad340000 | 0x35ad353fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000035ad360000 | 0x35ad360000 | 0x35ad3dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000035ad3e0000 | 0x35ad3e0000 | 0x35ad3e3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000035ad3f0000 | 0x35ad3f0000 | 0x35ad3f0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000035ad400000 | 0x35ad400000 | 0x35ad401fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x35ad410000 | 0x35ad4cdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000035ad520000 | 0x35ad520000 | 0x35ad61ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff590000 | 0x7df5ff590000 | 0x7ff5ff58ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705e20000 | 0x7ff705e20000 | 0x7ff705f1ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705f20000 | 0x7ff705f20000 | 0x7ff705f42fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff705f4a000 | 0x7ff705f4a000 | 0x7ff705f4afff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff705f4e000 | 0x7ff705f4e000 | 0x7ff705f4ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #108: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #108 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:45, Reason: Child Process |
| Unmonitor | End Time: 00:04:49, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5bc4 |
| Parent PID | 0x5b1c (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5BC8
0x
5BEC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000ddc3b10000 | 0xddc3b10000 | 0xddc3b2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ddc3b10000 | 0xddc3b10000 | 0xddc3b1ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000ddc3b20000 | 0xddc3b20000 | 0xddc3b26fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ddc3b30000 | 0xddc3b30000 | 0xddc3b43fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ddc3b50000 | 0xddc3b50000 | 0xddc3bcffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000ddc3bd0000 | 0xddc3bd0000 | 0xddc3bd3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000ddc3be0000 | 0xddc3be0000 | 0xddc3be0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000ddc3bf0000 | 0xddc3bf0000 | 0xddc3bf1fff | Private Memory | rw |
|
|
|
- |
| private_0x000000ddc3c00000 | 0xddc3c00000 | 0xddc3c06fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xddc3c10000 | 0xddc3c12fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000ddc3c50000 | 0xddc3c50000 | 0xddc3d4ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xddc3d50000 | 0xddc3e0dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ddc3e10000 | 0xddc3e10000 | 0xddc3e8ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0xddc3e90000 | 0xddc3ec1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000ddc3ff0000 | 0xddc3ff0000 | 0xddc3ffffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff080000 | 0x7df5ff080000 | 0x7ff5ff07ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719b10000 | 0x7ff719b10000 | 0x7ff719c0ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719c10000 | 0x7ff719c10000 | 0x7ff719c32fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff719c36000 | 0x7ff719c36000 | 0x7ff719c36fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff719c3c000 | 0x7ff719c3c000 | 0x7ff719c3dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff719c3e000 | 0x7ff719c3e000 | 0x7ff719c3ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505b0000 | 0x7ffc505c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x5bc8
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xddc3c10000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #109: net.exe
0
0
| Information | Value |
|---|---|
| ID | #109 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:46, Reason: Child Process |
| Unmonitor | End Time: 00:04:49, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5904 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
58F4
0x
58F0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000001221e40000 | 0x1221e40000 | 0x1221e5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001221e40000 | 0x1221e40000 | 0x1221e4ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000001221e60000 | 0x1221e60000 | 0x1221e73fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001221e80000 | 0x1221e80000 | 0x1221efffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001221f00000 | 0x1221f00000 | 0x1221f03fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000001221f10000 | 0x1221f10000 | 0x1221f10fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001221f20000 | 0x1221f20000 | 0x1221f21fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x1221f30000 | 0x1221fedfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000001222090000 | 0x1222090000 | 0x122218ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff2b0000 | 0x7df5ff2b0000 | 0x7ff5ff2affff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff706000000 | 0x7ff706000000 | 0x7ff7060fffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff706100000 | 0x7ff706100000 | 0x7ff706122fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff70612d000 | 0x7ff70612d000 | 0x7ff70612efff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff70612f000 | 0x7ff70612f000 | 0x7ff70612ffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #111: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #111 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:48, Reason: Child Process |
| Unmonitor | End Time: 00:04:50, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5c84 |
| Parent PID | 0x5904 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5C88
0x
5D44
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000f7d5bf0000 | 0xf7d5bf0000 | 0xf7d5c0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000f7d5bf0000 | 0xf7d5bf0000 | 0xf7d5bfffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000f7d5c00000 | 0xf7d5c00000 | 0xf7d5c06fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000f7d5c10000 | 0xf7d5c10000 | 0xf7d5c23fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000f7d5c30000 | 0xf7d5c30000 | 0xf7d5caffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000f7d5cb0000 | 0xf7d5cb0000 | 0xf7d5cb3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000f7d5cc0000 | 0xf7d5cc0000 | 0xf7d5cc0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000f7d5cd0000 | 0xf7d5cd0000 | 0xf7d5cd1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xf7d5ce0000 | 0xf7d5d9dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000f7d5da0000 | 0xf7d5da0000 | 0xf7d5da6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xf7d5db0000 | 0xf7d5db2fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xf7d5dc0000 | 0xf7d5df1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000f7d5e10000 | 0xf7d5e10000 | 0xf7d5f0ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000f7d5f10000 | 0xf7d5f10000 | 0xf7d5f8ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000f7d60e0000 | 0xf7d60e0000 | 0xf7d60effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff610000 | 0x7df5ff610000 | 0x7ff5ff60ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719510000 | 0x7ff719510000 | 0x7ff71960ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719610000 | 0x7ff719610000 | 0x7ff719632fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71963a000 | 0x7ff71963a000 | 0x7ff71963bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71963c000 | 0x7ff71963c000 | 0x7ff71963dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71963e000 | 0x7ff71963e000 | 0x7ff71963efff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505b0000 | 0x7ffc505c3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x5c88
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xf7d5db0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #112: net.exe
0
0
| Information | Value |
|---|---|
| ID | #112 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:53, Reason: Child Process |
| Unmonitor | End Time: 00:04:55, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5e50 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5E54
0x
5EAC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000001f68540000 | 0x1f68540000 | 0x1f6855ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001f68540000 | 0x1f68540000 | 0x1f6854ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000001f68560000 | 0x1f68560000 | 0x1f68573fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001f68580000 | 0x1f68580000 | 0x1f685fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000001f68600000 | 0x1f68600000 | 0x1f68603fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000001f68610000 | 0x1f68610000 | 0x1f68610fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000001f68620000 | 0x1f68620000 | 0x1f68621fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x1f68630000 | 0x1f686edfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000001f687d0000 | 0x1f687d0000 | 0x1f688cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff6a0000 | 0x7df5ff6a0000 | 0x7ff5ff69ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705880000 | 0x7ff705880000 | 0x7ff70597ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705980000 | 0x7ff705980000 | 0x7ff7059a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7059ad000 | 0x7ff7059ad000 | 0x7ff7059aefff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7059af000 | 0x7ff7059af000 | 0x7ff7059affff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #114: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #114 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:54, Reason: Child Process |
| Unmonitor | End Time: 00:04:54, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5eb0 |
| Parent PID | 0x5e50 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5EB4
0x
5ECC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000d36c270000 | 0xd36c270000 | 0xd36c28ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000d36c270000 | 0xd36c270000 | 0xd36c27ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000d36c280000 | 0xd36c280000 | 0xd36c286fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000d36c290000 | 0xd36c290000 | 0xd36c2a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000d36c2b0000 | 0xd36c2b0000 | 0xd36c32ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000d36c330000 | 0xd36c330000 | 0xd36c333fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000d36c340000 | 0xd36c340000 | 0xd36c340fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000d36c350000 | 0xd36c350000 | 0xd36c351fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xd36c360000 | 0xd36c41dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000d36c420000 | 0xd36c420000 | 0xd36c51ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000d36c520000 | 0xd36c520000 | 0xd36c59ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000d36c5a0000 | 0xd36c5a0000 | 0xd36c5a6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xd36c5b0000 | 0xd36c5b2fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xd36c5c0000 | 0xd36c5f1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000d36c700000 | 0xd36c700000 | 0xd36c70ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff470000 | 0x7df5ff470000 | 0x7ff5ff46ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7198b0000 | 0x7ff7198b0000 | 0x7ff7199affff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7199b0000 | 0x7ff7199b0000 | 0x7ff7199d2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7199db000 | 0x7ff7199db000 | 0x7ff7199dcfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7199dd000 | 0x7ff7199dd000 | 0x7ff7199ddfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7199de000 | 0x7ff7199de000 | 0x7ff7199dffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505a0000 | 0x7ffc505b3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x5eb4
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xd36c5b0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #115: net.exe
0
0
| Information | Value |
|---|---|
| ID | #115 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:56, Reason: Child Process |
| Unmonitor | End Time: 00:04:59, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5f58 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5F5C
0x
5F94
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000003e74330000 | 0x3e74330000 | 0x3e7434ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003e74330000 | 0x3e74330000 | 0x3e7433ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000003e74350000 | 0x3e74350000 | 0x3e74363fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000003e74370000 | 0x3e74370000 | 0x3e743effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000003e743f0000 | 0x3e743f0000 | 0x3e743f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000003e74400000 | 0x3e74400000 | 0x3e74400fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000003e74410000 | 0x3e74410000 | 0x3e74411fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x3e74420000 | 0x3e744ddfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000003e745f0000 | 0x3e745f0000 | 0x3e746effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5fff20000 | 0x7df5fff20000 | 0x7ff5fff1ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7057a0000 | 0x7ff7057a0000 | 0x7ff70589ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7058a0000 | 0x7ff7058a0000 | 0x7ff7058c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7058cb000 | 0x7ff7058cb000 | 0x7ff7058cbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7058ce000 | 0x7ff7058ce000 | 0x7ff7058cffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #117: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #117 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:04:57, Reason: Child Process |
| Unmonitor | End Time: 00:04:58, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5fa8 |
| Parent PID | 0x5f58 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5FAC
0x
5FB0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000df0e8a0000 | 0xdf0e8a0000 | 0xdf0e8bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000df0e8a0000 | 0xdf0e8a0000 | 0xdf0e8affff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000df0e8b0000 | 0xdf0e8b0000 | 0xdf0e8b6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000df0e8c0000 | 0xdf0e8c0000 | 0xdf0e8d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000df0e8e0000 | 0xdf0e8e0000 | 0xdf0e95ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000df0e960000 | 0xdf0e960000 | 0xdf0e963fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000df0e970000 | 0xdf0e970000 | 0xdf0e970fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000df0e980000 | 0xdf0e980000 | 0xdf0e981fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xdf0e990000 | 0xdf0ea4dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000df0ea50000 | 0xdf0ea50000 | 0xdf0eacffff | Private Memory | rw |
|
|
|
- |
| private_0x000000df0ead0000 | 0xdf0ead0000 | 0xdf0ead6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xdf0eae0000 | 0xdf0eae2fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000df0eb00000 | 0xdf0eb00000 | 0xdf0ebfffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0xdf0ec00000 | 0xdf0ec31fff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000df0ec60000 | 0xdf0ec60000 | 0xdf0ec6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff240000 | 0x7df5ff240000 | 0x7ff5ff23ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719600000 | 0x7ff719600000 | 0x7ff7196fffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719700000 | 0x7ff719700000 | 0x7ff719722fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff719725000 | 0x7ff719725000 | 0x7ff719725fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71972c000 | 0x7ff71972c000 | 0x7ff71972dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71972e000 | 0x7ff71972e000 | 0x7ff71972ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505a0000 | 0x7ffc505b3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x5fac
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xdf0eae0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #118: net.exe
0
0
| Information | Value |
|---|---|
| ID | #118 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:05:03, Reason: Child Process |
| Unmonitor | End Time: 00:05:07, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6498 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
649C
0x
64B8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000777dbf0000 | 0x777dbf0000 | 0x777dc0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000777dbf0000 | 0x777dbf0000 | 0x777dbfffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000777dc10000 | 0x777dc10000 | 0x777dc23fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000777dc30000 | 0x777dc30000 | 0x777dcaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000777dcb0000 | 0x777dcb0000 | 0x777dcb3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000777dcc0000 | 0x777dcc0000 | 0x777dcc0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000777dcd0000 | 0x777dcd0000 | 0x777dcd1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x777dce0000 | 0x777dd9dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000777dde0000 | 0x777dde0000 | 0x777dedffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ff2d0000 | 0x7df5ff2d0000 | 0x7ff5ff2cffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7062a0000 | 0x7ff7062a0000 | 0x7ff70639ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff7063a0000 | 0x7ff7063a0000 | 0x7ff7063c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7063c4000 | 0x7ff7063c4000 | 0x7ff7063c4fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7063ce000 | 0x7ff7063ce000 | 0x7ff7063cffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #120: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #120 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:05:04, Reason: Child Process |
| Unmonitor | End Time: 00:05:06, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x64d0 |
| Parent PID | 0x6498 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
64D4
0x
64E8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000000dc36e0000 | 0xdc36e0000 | 0xdc36fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000dc36e0000 | 0xdc36e0000 | 0xdc36effff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000dc36f0000 | 0xdc36f0000 | 0xdc36f6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000dc3700000 | 0xdc3700000 | 0xdc3713fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000dc3720000 | 0xdc3720000 | 0xdc379ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000dc37a0000 | 0xdc37a0000 | 0xdc37a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000dc37b0000 | 0xdc37b0000 | 0xdc37b0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000dc37c0000 | 0xdc37c0000 | 0xdc37c1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000dc37d0000 | 0xdc37d0000 | 0xdc384ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000dc3850000 | 0xdc3850000 | 0xdc394ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xdc3950000 | 0xdc3a0dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000dc3a10000 | 0xdc3a10000 | 0xdc3a1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000dc3a20000 | 0xdc3a20000 | 0xdc3a26fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xdc3a30000 | 0xdc3a32fff | Memory Mapped File | rwx |
|
|
|
- |
| netmsg.dll.mui | 0xdc3a40000 | 0xdc3a71fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff970000 | 0x7df5ff970000 | 0x7ff5ff96ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff71a0a0000 | 0x7ff71a0a0000 | 0x7ff71a19ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff71a1a0000 | 0x7ff71a1a0000 | 0x7ff71a1c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71a1ca000 | 0x7ff71a1ca000 | 0x7ff71a1cafff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a1cc000 | 0x7ff71a1cc000 | 0x7ff71a1cdfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a1ce000 | 0x7ff71a1ce000 | 0x7ff71a1cffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505a0000 | 0x7ffc505b3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x64d4
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xdc3a30000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #121: net.exe
0
0
| Information | Value |
|---|---|
| ID | #121 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:05:07, Reason: Child Process |
| Unmonitor | End Time: 00:05:10, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x65a4 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
65A8
0x
65F4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000005420410000 | 0x5420410000 | 0x542042ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000005420410000 | 0x5420410000 | 0x542041ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000005420430000 | 0x5420430000 | 0x5420443fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000005420450000 | 0x5420450000 | 0x54204cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000054204d0000 | 0x54204d0000 | 0x54204d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000054204e0000 | 0x54204e0000 | 0x54204e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000054204f0000 | 0x54204f0000 | 0x54204f1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x5420500000 | 0x54205bdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000005420680000 | 0x5420680000 | 0x542077ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5ffbe0000 | 0x7df5ffbe0000 | 0x7ff5ffbdffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705ec0000 | 0x7ff705ec0000 | 0x7ff705fbffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705fc0000 | 0x7ff705fc0000 | 0x7ff705fe2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff705fec000 | 0x7ff705fec000 | 0x7ff705fecfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff705fee000 | 0x7ff705fee000 | 0x7ff705feffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #123: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #123 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:05:07, Reason: Child Process |
| Unmonitor | End Time: 00:05:08, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x65f8 |
| Parent PID | 0x65a4 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
65FC
0x
661C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000a48f330000 | 0xa48f330000 | 0xa48f34ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a48f330000 | 0xa48f330000 | 0xa48f33ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x000000a48f340000 | 0xa48f340000 | 0xa48f346fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a48f350000 | 0xa48f350000 | 0xa48f363fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a48f370000 | 0xa48f370000 | 0xa48f3effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000a48f3f0000 | 0xa48f3f0000 | 0xa48f3f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000a48f400000 | 0xa48f400000 | 0xa48f400fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000a48f410000 | 0xa48f410000 | 0xa48f411fff | Private Memory | rw |
|
|
|
- |
| private_0x000000a48f420000 | 0xa48f420000 | 0xa48f49ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000a48f4a0000 | 0xa48f4a0000 | 0xa48f59ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xa48f5a0000 | 0xa48f65dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000a48f660000 | 0xa48f660000 | 0xa48f666fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0xa48f670000 | 0xa48f672fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000a48f690000 | 0xa48f690000 | 0xa48f69ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0xa48f6a0000 | 0xa48f6d1fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ffc80000 | 0x7df5ffc80000 | 0x7ff5ffc7ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff719f00000 | 0x7ff719f00000 | 0x7ff719ffffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff71a000000 | 0x7ff71a000000 | 0x7ff71a022fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71a028000 | 0x7ff71a028000 | 0x7ff71a028fff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a02c000 | 0x7ff71a02c000 | 0x7ff71a02dfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a02e000 | 0x7ff71a02e000 | 0x7ff71a02ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505a0000 | 0x7ffc505b3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x65fc
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0xa48f670000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #124: net.exe
0
0
| Information | Value |
|---|---|
| ID | #124 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:05:14, Reason: Child Process |
| Unmonitor | End Time: 00:05:16, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3f0 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3CC
0x
6838
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000bfc7d50000 | 0xbfc7d50000 | 0xbfc7d6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bfc7d50000 | 0xbfc7d50000 | 0xbfc7d5ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x000000bfc7d70000 | 0xbfc7d70000 | 0xbfc7d83fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000bfc7d90000 | 0xbfc7d90000 | 0xbfc7e0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000bfc7e10000 | 0xbfc7e10000 | 0xbfc7e13fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000bfc7e20000 | 0xbfc7e20000 | 0xbfc7e20fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000bfc7e30000 | 0xbfc7e30000 | 0xbfc7e31fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0xbfc7e40000 | 0xbfc7efdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000bfc7fd0000 | 0xbfc7fd0000 | 0xbfc80cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00007df5fff00000 | 0x7df5fff00000 | 0x7ff5ffefffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff706180000 | 0x7ff706180000 | 0x7ff70627ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff706280000 | 0x7ff706280000 | 0x7ff7062a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff7062ad000 | 0x7ff7062ad000 | 0x7ff7062aefff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff7062af000 | 0x7ff7062af000 | 0x7ff7062affff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #126: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #126 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:05:14, Reason: Child Process |
| Unmonitor | End Time: 00:05:16, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x683c |
| Parent PID | 0x3f0 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6840
0x
6848
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000030d2db0000 | 0x30d2db0000 | 0x30d2dcffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000030d2db0000 | 0x30d2db0000 | 0x30d2dbffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000030d2dc0000 | 0x30d2dc0000 | 0x30d2dc6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000030d2dd0000 | 0x30d2dd0000 | 0x30d2de3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000030d2df0000 | 0x30d2df0000 | 0x30d2e6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000030d2e70000 | 0x30d2e70000 | 0x30d2e73fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000030d2e80000 | 0x30d2e80000 | 0x30d2e80fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000030d2e90000 | 0x30d2e90000 | 0x30d2e91fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x30d2ea0000 | 0x30d2f5dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000030d2f60000 | 0x30d2f60000 | 0x30d2fdffff | Private Memory | rw |
|
|
|
- |
| private_0x00000030d2fe0000 | 0x30d2fe0000 | 0x30d2fe6fff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x30d2ff0000 | 0x30d2ff2fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000030d3000000 | 0x30d3000000 | 0x30d30fffff | Private Memory | rw |
|
|
|
- |
| private_0x00000030d3120000 | 0x30d3120000 | 0x30d312ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x30d3130000 | 0x30d3161fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ffd80000 | 0x7df5ffd80000 | 0x7ff5ffd7ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff7199d0000 | 0x7ff7199d0000 | 0x7ff719acffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff719ad0000 | 0x7ff719ad0000 | 0x7ff719af2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff719afa000 | 0x7ff719afa000 | 0x7ff719afbfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff719afc000 | 0x7ff719afc000 | 0x7ff719afcfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff719afe000 | 0x7ff719afe000 | 0x7ff719afffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505a0000 | 0x7ffc505b3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x6840
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x30d2ff0000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
Process #127: net.exe
0
0
| Information | Value |
|---|---|
| ID | #127 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:05:17, Reason: Child Process |
| Unmonitor | End Time: 00:05:21, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x69c0 |
| Parent PID | 0x52c (c:\users\public\mksmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
69C4
0x
6B94
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x00000019e8540000 | 0x19e8540000 | 0x19e855ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000019e8540000 | 0x19e8540000 | 0x19e854ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000019e8560000 | 0x19e8560000 | 0x19e8573fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000019e8580000 | 0x19e8580000 | 0x19e85fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000019e8600000 | 0x19e8600000 | 0x19e8603fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000019e8610000 | 0x19e8610000 | 0x19e8610fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000019e8620000 | 0x19e8620000 | 0x19e8621fff | Private Memory | rw |
|
|
|
- |
| private_0x00000019e86d0000 | 0x19e86d0000 | 0x19e87cffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x19e87d0000 | 0x19e888dfff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5ff210000 | 0x7df5ff210000 | 0x7ff5ff20ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff705da0000 | 0x7ff705da0000 | 0x7ff705e9ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff705ea0000 | 0x7ff705ea0000 | 0x7ff705ec2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff705eca000 | 0x7ff705eca000 | 0x7ff705ecafff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff705ece000 | 0x7ff705ece000 | 0x7ff705ecffff | Private Memory | rw |
|
|
|
- |
| net.exe | 0x7ff7067c0000 | 0x7ff7067dcfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Process #129: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #129 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:05:19, Reason: Child Process |
| Unmonitor | End Time: 00:05:22, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6be4 |
| Parent PID | 0x69c0 (c:\windows\system32\net.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6BE8
0x
6C2C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x0000009a319c0000 | 0x9a319c0000 | 0x9a319dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000009a319c0000 | 0x9a319c0000 | 0x9a319cffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000009a319d0000 | 0x9a319d0000 | 0x9a319d6fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000009a319e0000 | 0x9a319e0000 | 0x9a319f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000009a31a00000 | 0x9a31a00000 | 0x9a31a7ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000009a31a80000 | 0x9a31a80000 | 0x9a31a83fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000009a31a90000 | 0x9a31a90000 | 0x9a31a90fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000009a31aa0000 | 0x9a31aa0000 | 0x9a31aa1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x9a31ab0000 | 0x9a31b6dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000009a31b70000 | 0x9a31b70000 | 0x9a31b76fff | Private Memory | rw |
|
|
|
- |
| private_0x0000009a31b80000 | 0x9a31b80000 | 0x9a31b8ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll | 0x9a31b90000 | 0x9a31b92fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000009a31bb0000 | 0x9a31bb0000 | 0x9a31caffff | Private Memory | rw |
|
|
|
- |
| private_0x0000009a31cb0000 | 0x9a31cb0000 | 0x9a31d2ffff | Private Memory | rw |
|
|
|
- |
| netmsg.dll.mui | 0x9a31d30000 | 0x9a31d61fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00007df5fff80000 | 0x7df5fff80000 | 0x7ff5fff7ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff71a300000 | 0x7ff71a300000 | 0x7ff71a3fffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00007ff71a400000 | 0x7ff71a400000 | 0x7ff71a422fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00007ff71a42a000 | 0x7ff71a42a000 | 0x7ff71a42bfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a42c000 | 0x7ff71a42c000 | 0x7ff71a42cfff | Private Memory | rw |
|
|
|
- |
| private_0x00007ff71a42e000 | 0x7ff71a42e000 | 0x7ff71a42ffff | Private Memory | rw |
|
|
|
- |
| net1.exe | 0x7ff71a490000 | 0x7ff71a4cbfff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x7ffc505a0000 | 0x7ffc505b3fff | Memory Mapped File | rwx |
|
|
|
- |
| samcli.dll | 0x7ffc50ec0000 | 0x7ffc50ed7fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x7ffc514b0000 | 0x7ffc514c5fff | Memory Mapped File | rwx |
|
|
|
- |
| dsrole.dll | 0x7ffc51ca0000 | 0x7ffc51ca9fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x7ffc53830000 | 0x7ffc5383bfff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7ffc53840000 | 0x7ffc53865fff | Memory Mapped File | rwx |
|
|
|
- |
| logoncli.dll | 0x7ffc53ba0000 | 0x7ffc53bddfff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x7ffc543a0000 | 0x7ffc543c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7ffc55040000 | 0x7ffc5521cfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7ffc552c0000 | 0x7ffc5535cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x7ffc55800000 | 0x7ffc558acfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7ffc570a0000 | 0x7ffc571c5fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7ffc57540000 | 0x7ffc5759afff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
Threads
Thread 0x6be8
20
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\net1.exe, base_address = 0x7ff71a490000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Control | service_name = SAMSS |
|
1 | |
| Service | Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Get Info | service_name = SAMSS |
|
1 | |
| Module | Load | module_name = NETMSG, base_address = 0x9a31b90000 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 71 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 52 |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 2 |
|
1 |
